Better handling of SVG attributes which admit uri refs

Just strip out the URI ref, leaving alternates.
This commit is contained in:
Jacques Distler 2007-10-27 23:08:13 -05:00
parent 5208bbf0af
commit f24c60c3fb
2 changed files with 11 additions and 11 deletions

View file

@ -123,9 +123,9 @@ module HTML5
if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ and !self.class.const_get("ALLOWED_PROTOCOLS").include?(val_unescaped.split(':')[0]) if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ and !self.class.const_get("ALLOWED_PROTOCOLS").include?(val_unescaped.split(':')[0])
attrs.delete attr attrs.delete attr
end end
SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
attrs.delete attr if attrs[attr].to_s.downcase =~ /url\(\s*[^#]/m
end end
SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
attrs[attr] = attrs[attr].to_s.gsub(/url\s*\(\s*[^#\s][^)]+?\)/m, ' ') if attrs[attr]
end end
if attrs['style'] if attrs['style']
attrs['style'] = sanitize_css(attrs['style']) attrs['style'] = sanitize_css(attrs['style'])

View file

@ -424,15 +424,15 @@
{ {
"name": "absolute_uri_refs_in_svg_attributes", "name": "absolute_uri_refs_in_svg_attributes",
"input": "<rect fill='url(http://bad.com/)' />", "input": "<rect fill='url(http://bad.com/) #fff' />",
"rexml": "<rect></rect>", "rexml": "<rect fill=' #fff'></rect>",
"xhtml": "<rect></rect>", "xhtml": "<rect fill=' #fff'></rect>",
"output": "<rect/>" "output": "<rect fill=' #fff'/>"
}, },
{ {
"name": "uri_ref_with_space_in svg_attribute", "name": "uri_ref_with_space_in svg_attribute",
"input": "<rect fill=\"url(\n#foo)\" />", "input": "<rect fill='url(\n#foo)' />",
"rexml": "<rect fill=\'url(\n#foo)\'></rect>", "rexml": "<rect fill=\'url(\n#foo)\'></rect>",
"xhtml": "<rect fill=\'url(\n#foo)\'></rect>", "xhtml": "<rect fill=\'url(\n#foo)\'></rect>",
"output": "<rect fill=\'url(\n#foo)\'/>" "output": "<rect fill=\'url(\n#foo)\'/>"
@ -441,8 +441,8 @@
{ {
"name": "absolute_uri_ref_with_space_in svg_attribute", "name": "absolute_uri_ref_with_space_in svg_attribute",
"input": "<rect fill=\"url(\nhttp://bad.com/)\" />", "input": "<rect fill=\"url(\nhttp://bad.com/)\" />",
"rexml": "<rect></rect>", "rexml": "<rect fill=' '></rect>",
"xhtml": "<rect></rect>", "xhtml": "<rect fill=' '></rect>",
"output": "<rect/>" "output": "<rect fill=' '/>"
} }
] ]