From 94ed3b1231f3c69b9d74a2540276b9ed63eb962b Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Thu, 24 Mar 2011 22:54:39 +0000 Subject: [PATCH] Implement CSS.AllowedFonts. Signed-off-by: Edward Z. Yang --- NEWS | 1 + library/HTMLPurifier/AttrDef/CSS/FontFamily.php | 10 ++++++++-- library/HTMLPurifier/ConfigSchema/schema.ser | Bin 13966 -> 14047 bytes .../ConfigSchema/schema/CSS.AllowedFonts.txt | 12 ++++++++++++ tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php | 11 +++++++++++ 5 files changed, 32 insertions(+), 2 deletions(-) rewrite library/HTMLPurifier/ConfigSchema/schema.ser (93%) create mode 100644 library/HTMLPurifier/ConfigSchema/schema/CSS.AllowedFonts.txt diff --git a/NEWS b/NEWS index e198c9ce..9ec10c5c 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier directory/file permissions ! Fix longstanding bug in Flash support for non-IE browsers, and allow more wmode attributes. +! Add %CSS.AllowedFonts to restrict permissible font names. - Switch to an iterative traversal of the DOM, which prevents us from running out of stack space for deeply nested documents. Thanks Maxim Krizhanovsky for contributing a patch. diff --git a/library/HTMLPurifier/AttrDef/CSS/FontFamily.php b/library/HTMLPurifier/AttrDef/CSS/FontFamily.php index 42c2054c..c29834b6 100644 --- a/library/HTMLPurifier/AttrDef/CSS/FontFamily.php +++ b/library/HTMLPurifier/AttrDef/CSS/FontFamily.php @@ -2,7 +2,6 @@ /** * Validates a font family list according to CSS spec - * @todo whitelisting allowed fonts would be nice */ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef { @@ -15,6 +14,7 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef 'fantasy' => true, 'cursive' => true ); + $allowed_fonts = $config->get('CSS.AllowedFonts'); // assume that no font names contain commas in them $fonts = explode(',', $string); 
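Review bot: The new `$allowed_fonts = $config->get('CSS.AllowedFonts');` line in the `@@ -15,6 +14,7 @@` hunk of FontFamily.php says nothing about the shape of the value, yet the later hunks test it with `isset($allowed_fonts[$font])`, which only works when the font names are the array keys. The directive's TYPE line is not readable on this page, so the lookup-or-null shape is an assumption. A comment beside the read would record it: `// lookup keyed by font name, or null when every font is allowed`. The enclosing method starts and ends outside this hunk.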
@@ -24,7 +24,9 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef if ($font === '') continue; // match a generic name if (isset($generic_names[$font])) { - $final .= $font . ', '; + if ($allowed_fonts === null || isset($allowed_fonts[$font])) { + $final .= $font . ', '; + } continue; } // match a quoted name @@ -40,6 +42,10 @@ class HTMLPurifier_AttrDef_CSS_FontFamily extends HTMLPurifier_AttrDef // $font is a pure representation of the font name + if ($allowed_fonts !== null && !isset($allowed_fonts[$font])) { + continue; + } + if (ctype_alnum($font) && $font !== '') { // very simple font, allow it in unharmed $final .= $font . ', '; diff --git a/library/HTMLPurifier/ConfigSchema/schema.ser b/library/HTMLPurifier/ConfigSchema/schema.ser dissimilarity index 93% index 1a70feba4e11e9efc163a8e4b76c137950e2d064..0e220c8ed8ec444e65e78a554be34331f807542e 100644 GIT binary patch delta 133 zcwXzvy`MY5oY7+PMMc@ox`M}<#SP7@l$?Wu^&E3@^2<|G-175Eij}PWHh&aZ$20l3 jfCq7E@AEJkZoa5^iA4&#noKKQi^(5F_?;F + Allows you to manually specify a set of allowed fonts. If + NULL, all fonts are allowed. This directive + affects generic names (serif, sans-serif, monospace, cursive, + fantasy) as well as specific font families. +
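Review bot: The allowlist test `isset($allowed_fonts[$font])` in the generic-name branch is an exact, case-sensitive key lookup, and the `@@ -40,6 +42,10 @@` hunk uses the same lookup for specific families. Browsers match family names case-insensitively, so an entry of `Times New Roman` drops `times new roman`. That fails closed and is not a bypass, but it will surprise whoever configures the directive. Either state in the directive description that names are compared exactly, including case, or compare lower-cased names on both sides. The enclosing loop starts and ends outside the hunk.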
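Review bot: The `continue` added in the `@@ -40,6 +42,10 @@` hunk has no comment explaining why the allowlist check sits after the quoted-name handling rather than at the top of the loop. The placement matters because the comparison then runs on the unquoted name, so both spellings reach the same allowlist entry, as the new test expects. I would add `// compare the unquoted name so 'Times New Roman' and "Times New Roman" match the same entry` above the `if`. The quoted-name handling itself is outside the hunk, so that reading rests on the context comment `$font is a pure representation of the font name`.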

+--# vim: et sw=4 sts=4 diff --git a/tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php b/tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php index aff10528..2060076b 100644 --- a/tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php +++ b/tests/HTMLPurifier/AttrDef/CSS/FontFamilyTest.php @@ -34,6 +34,17 @@ class HTMLPurifier_AttrDef_CSS_FontFamilyTest extends HTMLPurifier_AttrDefHarnes $this->assertDef("'\\\nf'", "f"); } + function testAllowed() { + $this->config->set('CSS.AllowedFonts', array('serif', 'Times New Roman')); + + $this->assertDef('serif'); + $this->assertDef('sans-serif', false); + $this->assertDef('serif, sans-serif', 'serif'); + $this->assertDef('Times New Roman', '"Times New Roman"'); + $this->assertDef('"Times New Roman"'); + $this->assertDef('foo', false); + } + } // vim: et sw=4 sts=4 -- 2.11.4.GIT
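Review bot: `testAllowed` covers the specific-family rejection only through the lone `foo` case, so a disallowed family inside a list that also holds an allowed name is never exercised. Adding `$this->assertDef('foo, serif', 'serif');` would cover the new `continue` in FontFamily.php in list context. If exact, case-sensitive matching is the intended contract, `$this->assertDef('times new roman', false);` would pin it so that a later normalisation change shows up as a deliberate test edit.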