Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Allow [bf]g colors for <font> style attrib #610

Merged
merged 9 commits into from
Mar 3, 2017
Merged

Allow [bf]g colors for <font> style attrib #610

merged 9 commits into from
Mar 3, 2017

Commits on Jan 11, 2017

  1. Allow [bf]g colors for <font> style attrib 

    Instead of dropping the style attribute on `<font>` tags entirely, sanitise aggressively and only keep `background-color` and `color` keys, and also sanitise the values to prevent `url(XXXXXX)` and `expression(XXXXXX)` type XSS attacks.
    Luke Barnard committed Jan 11, 2017
    Configuration menu
    Copy the full SHA
    8e3f2eb View commit details
    Browse the repository at this point in the history

  2. Only transform <font>

    Luke Barnard committed Jan 11, 2017
    Configuration menu
    Copy the full SHA
    32185be View commit details
    Browse the repository at this point in the history

Commits on Feb 9, 2017

  1. Merge branch 'develop' into luke/feature-css-msg-colors

    @lukebarnard1
    lukebarnard1 committed Feb 9, 2017
    Configuration menu
    Copy the full SHA
    ae03244 View commit details
    Browse the repository at this point in the history

Commits on Feb 27, 2017

  1. Sanitise for *, fix style issues

    Luke Barnard committed Feb 27, 2017
    Configuration menu
    Copy the full SHA
    886b0a3 View commit details
    Browse the repository at this point in the history

  2. Allow span, and only allow style attrib

    Luke Barnard committed Feb 27, 2017
    Configuration menu
    Copy the full SHA
    5fc828f View commit details
    Browse the repository at this point in the history

Commits on Mar 2, 2017

  1. Use data-mx[-bg]-color instead of stripping style 

    This has the benefit of not needing a spec for custom CSS. Instead we rigourously sanitise the values for custom data attributes that are transformed to CSS equivalents. `data-mx-color` translates to CSS `color` for example.
    Luke Barnard committed Mar 2, 2017
    Configuration menu
    Copy the full SHA
    36795fa View commit details
    Browse the repository at this point in the history

  2. Remove custom attribs as consumed

    Luke Barnard committed Mar 2, 2017
    Configuration menu
    Copy the full SHA
    b951713 View commit details
    Browse the repository at this point in the history

  3. Have COLOR_REGEX constant

    Luke Barnard committed Mar 2, 2017
    Configuration menu
    Copy the full SHA
    0f8ab99 View commit details
    Browse the repository at this point in the history

  4. Update comment

    Luke Barnard committed Mar 2, 2017
    Configuration menu
    Copy the full SHA
    f4278b6 View commit details
    Browse the repository at this point in the history