Homec4science
Diffusion Phabricator f712ae718ccc

Added `-` to the whitelist for CSS rules
f712ae718ccc
Actions

Authored by Josh Cox <joshcox@uberatc.com> on Sep 8 2016, 05:29.

Description

Added - to the whitelist for CSS rules

Summary: Fixes T11567. This way people can use things like sans-serif and -webkit-small-control for their "monospaced" font

Test Plan:
I added the hyphen to the regex then was able to set my Monospaced Font to be anything with a hyphen in it.

I also tried to break it pretty extensively, but couldn't find anything that would let me write malicious CSS or JS.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, yelirekim

Maniphest Tasks: T11567

Differential Revision: https://secure.phabricator.com/D16519

Details

Committed
Josh Cox <joshcox@uberatc.com>Sep 8 2016, 05:44
Pushed
aubortJan 31 2017, 17:16
Parents
rPH0030bda17ea3: Check if app is installed for user before displying
Branches
Unknown
Tags
Unknown

Event Timeline

Josh Cox <joshcox@uberatc.com> committed rPHf712ae718ccc: Added `-` to the whitelist for CSS rules (authored by Josh Cox <joshcox@uberatc.com>).Sep 8 2016, 05:44

Changes (1)

Path
Msrc/applications/settings/setting/PhabricatorMonospacedFontSetting.php

rPHf712ae718ccc

View Options

src/applications/settings/setting/PhabricatorMonospacedFontSetting.php

Loading...
c4science ยท Help