search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PR c++/86342 - -Wdeprecated-copy and system headers.
[official-gcc.git] / libgo / go / html / template / css.go
blob9154d8636dab0fca200837df5249b11859eb2555
1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package template
6
7 import (
8 "bytes"
9 "fmt"
10 "unicode"
11 "unicode/utf8"
12 )
13
14 // endsWithCSSKeyword reports whether b ends with an ident that
15 // case-insensitively matches the lower-case kw.
16 func endsWithCSSKeyword(b []byte, kw string) bool {
17 i := len(b) - len(kw)
18 if i < 0 {
19 // Too short.
20 return false
21 }
22 if i != 0 {
23 r, _ := utf8.DecodeLastRune(b[:i])
24 if isCSSNmchar(r) {
25 // Too long.
26 return false
27 }
28 }
29 // Many CSS keywords, such as "!important" can have characters encoded,
30 // but the URI production does not allow that according to
31 // http://www.w3.org/TR/css3-syntax/#TOK-URI
32 // This does not attempt to recognize encoded keywords. For example,
33 // given "\75\72\6c" and "url" this return false.
34 return string(bytes.ToLower(b[i:])) == kw
35 }
36
37 // isCSSNmchar reports whether rune is allowed anywhere in a CSS identifier.
38 func isCSSNmchar(r rune) bool {
39 // Based on the CSS3 nmchar production but ignores multi-rune escape
40 // sequences.
41 // http://www.w3.org/TR/css3-syntax/#SUBTOK-nmchar
42 return 'a' <= r && r <= 'z' ||
43 'A' <= r && r <= 'Z' ||
44 '0' <= r && r <= '9' ||
45 r == '-' ||
46 r == '_' ||
47 // Non-ASCII cases below.
48 0x80 <= r && r <= 0xd7ff ||
49 0xe000 <= r && r <= 0xfffd ||
50 0x10000 <= r && r <= 0x10ffff
51 }
52
53 // decodeCSS decodes CSS3 escapes given a sequence of stringchars.
54 // If there is no change, it returns the input, otherwise it returns a slice
55 // backed by a new array.
56 // http://www.w3.org/TR/css3-syntax/#SUBTOK-stringchar defines stringchar.
57 func decodeCSS(s []byte) []byte {
58 i := bytes.IndexByte(s, '\\')
59 if i == -1 {
60 return s
61 }
62 // The UTF-8 sequence for a codepoint is never longer than 1 + the
63 // number hex digits need to represent that codepoint, so len(s) is an
64 // upper bound on the output length.
65 b := make([]byte, 0, len(s))
66 for len(s) != 0 {
67 i := bytes.IndexByte(s, '\\')
68 if i == -1 {
69 i = len(s)
70 }
71 b, s = append(b, s[:i]...), s[i:]
72 if len(s) < 2 {
73 break
74 }
75 // http://www.w3.org/TR/css3-syntax/#SUBTOK-escape
76 // escape ::= unicode | '\' [#x20-#x7E#x80-#xD7FF#xE000-#xFFFD#x10000-#x10FFFF]
77 if isHex(s[1]) {
78 // http://www.w3.org/TR/css3-syntax/#SUBTOK-unicode
79 // unicode ::= '\' [0-9a-fA-F]{1,6} wc?
80 j := 2
81 for j < len(s) && j < 7 && isHex(s[j]) {
82 j++
83 }
84 r := hexDecode(s[1:j])
85 if r > unicode.MaxRune {
86 r, j = r/16, j-1
87 }
88 n := utf8.EncodeRune(b[len(b):cap(b)], r)
89 // The optional space at the end allows a hex
90 // sequence to be followed by a literal hex.
91 // string(decodeCSS([]byte(`\A B`))) == "\nB"
92 b, s = b[:len(b)+n], skipCSSSpace(s[j:])
93 } else {
94 // `\\` decodes to `\` and `\"` to `"`.
95 _, n := utf8.DecodeRune(s[1:])
96 b, s = append(b, s[1:1+n]...), s[1+n:]
97 }
98 }
99 return b
100 }
101
102 // isHex reports whether the given character is a hex digit.
103 func isHex(c byte) bool {
104 return '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F'
105 }
106
107 // hexDecode decodes a short hex digit sequence: "10" -> 16.
108 func hexDecode(s []byte) rune {
109 n := '\x00'
110 for _, c := range s {
111 n <<= 4
112 switch {
113 case '0' <= c && c <= '9':
114 n |= rune(c - '0')
115 case 'a' <= c && c <= 'f':
116 n |= rune(c-'a') + 10
117 case 'A' <= c && c <= 'F':
118 n |= rune(c-'A') + 10
119 default:
120 panic(fmt.Sprintf("Bad hex digit in %q", s))
121 }
122 }
123 return n
124 }
125
126 // skipCSSSpace returns a suffix of c, skipping over a single space.
127 func skipCSSSpace(c []byte) []byte {
128 if len(c) == 0 {
129 return c
130 }
131 // wc ::= #x9 | #xA | #xC | #xD | #x20
132 switch c[0] {
133 case '\t', '\n', '\f', ' ':
134 return c[1:]
135 case '\r':
136 // This differs from CSS3's wc production because it contains a
137 // probable spec error whereby wc contains all the single byte
138 // sequences in nl (newline) but not CRLF.
139 if len(c) >= 2 && c[1] == '\n' {
140 return c[2:]
141 }
142 return c[1:]
143 }
144 return c
145 }
146
147 // isCSSSpace reports whether b is a CSS space char as defined in wc.
148 func isCSSSpace(b byte) bool {
149 switch b {
150 case '\t', '\n', '\f', '\r', ' ':
151 return true
152 }
153 return false
154 }
155
156 // cssEscaper escapes HTML and CSS special characters using \<hex>+ escapes.
157 func cssEscaper(args ...interface{}) string {
158 s, _ := stringify(args...)
159 var b bytes.Buffer
160 r, w, written := rune(0), 0, 0
161 for i := 0; i < len(s); i += w {
162 // See comment in htmlEscaper.
163 r, w = utf8.DecodeRuneInString(s[i:])
164 var repl string
165 switch {
166 case int(r) < len(cssReplacementTable) && cssReplacementTable[r] != "":
167 repl = cssReplacementTable[r]
168 default:
169 continue
170 }
171 b.WriteString(s[written:i])
172 b.WriteString(repl)
173 written = i + w
174 if repl != `\\` && (written == len(s) || isHex(s[written]) || isCSSSpace(s[written])) {
175 b.WriteByte(' ')
176 }
177 }
178 if written == 0 {
179 return s
180 }
181 b.WriteString(s[written:])
182 return b.String()
183 }
184
185 var cssReplacementTable = []string{
186 0: `\0`,
187 '\t': `\9`,
188 '\n': `\a`,
189 '\f': `\c`,
190 '\r': `\d`,
191 // Encode HTML specials as hex so the output can be embedded
192 // in HTML attributes without further encoding.
193 '"': `\22`,
194 '&': `\26`,
195 '\'': `\27`,
196 '(': `\28`,
197 ')': `\29`,
198 '+': `\2b`,
199 '/': `\2f`,
200 ':': `\3a`,
201 ';': `\3b`,
202 '<': `\3c`,
203 '>': `\3e`,
204 '\\': `\\`,
205 '{': `\7b`,
206 '}': `\7d`,
207 }
208
209 var expressionBytes = []byte("expression")
210 var mozBindingBytes = []byte("mozbinding")
211
212 // cssValueFilter allows innocuous CSS values in the output including CSS
213 // quantities (10px or 25%), ID or class literals (#foo, .bar), keyword values
214 // (inherit, blue), and colors (#888).
215 // It filters out unsafe values, such as those that affect token boundaries,
216 // and anything that might execute scripts.
217 func cssValueFilter(args ...interface{}) string {
218 s, t := stringify(args...)
219 if t == contentTypeCSS {
220 return s
221 }
222 b, id := decodeCSS([]byte(s)), make([]byte, 0, 64)
223
224 // CSS3 error handling is specified as honoring string boundaries per
225 // http://www.w3.org/TR/css3-syntax/#error-handling :
226 // Malformed declarations. User agents must handle unexpected
227 // tokens encountered while parsing a declaration by reading until
228 // the end of the declaration, while observing the rules for
229 // matching pairs of (), [], {}, "", and '', and correctly handling
230 // escapes. For example, a malformed declaration may be missing a
231 // property, colon (:) or value.
232 // So we need to make sure that values do not have mismatched bracket
233 // or quote characters to prevent the browser from restarting parsing
234 // inside a string that might embed JavaScript source.
235 for i, c := range b {
236 switch c {
237 case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}':
238 return filterFailsafe
239 case '-':
240 // Disallow <!-- or -->.
241 // -- should not appear in valid identifiers.
242 if i != 0 && b[i-1] == '-' {
243 return filterFailsafe
244 }
245 default:
246 if c < utf8.RuneSelf && isCSSNmchar(rune(c)) {
247 id = append(id, c)
248 }
249 }
250 }
251 id = bytes.ToLower(id)
252 if bytes.Contains(id, expressionBytes) || bytes.Contains(id, mozBindingBytes) {
253 return filterFailsafe
254 }
255 return string(b)
256 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org