发表新帖
发表新帖

Sanitizing CSS in Rails

后端 未结
关注
2 1366
慢半拍i
慢半拍i 2020-12-30 06:13

I want to allow the users of a web app that I\'m building to write their own CSS in order to customize their profile page.

However I am aware of this opening up for

相关标签:
2条回答
  • 陌清茗
    2020-12-30 06:43

    There's also some code called css_file_sanitize: https://github.com/courtenay/css_file_sanitize

    Comparing it to the Rails sanitize command I find that both use regular expressions to strip out undesirable portions of the CSS.

    Here's the source for css_file_sanitize: https://github.com/courtenay/css_file_sanitize/blob/master/lib/css_sanitize.rb

    Here's the source for Rails sanitize: https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb

    0 讨论(0)
  • 猫巷女王i
    2020-12-30 06:46

    Rails has a built-in css sanitizer

    See http://apidock.com/rails/ActionView/Helpers/SanitizeHelper/sanitize_css and its parent http://apidock.com/rails/ActionView/Helpers/SanitizeHelper/sanitize

    > ActionController::Base.helpers.sanitize_css('background:#fff')
=> "background: #fff;" 
> ActionController::Base.helpers.sanitize_css('javascript:alert("garr");')
=> ""
    0 讨论(0)
 看不清?
提交回复
热议问题