Validation issues #107

@fraballi

There are some issues parsing pseudo-selectors, even when the regexps were tested for the expressions.
Where would you recommend dealing with this kind of security issue in antisamy.xml?

The selectors were:

    *.cf:after
    *.cf:before
    *:after
    *:before
    input[type="email"]
    input[type="text"]
    input[type="password"]
    input[type="checkbox"]
    input[type="radio"]
    input[type="search"]

Log:

0 = "The stylesheet had a property, "display", that could not be allowed for security reasons."
1 = "The stylesheet had a property, "quotes", that could not be allowed for security reasons."
2 = "The stylesheet had a selector, "*.cf:after", that could not be allowed for security reasons."
3 = "The stylesheet had a selector, "*.cf:before", that could not be allowed for security reasons."
4 = "The stylesheet had a selector, "*.cf:after", that could not be allowed for security reasons."
5 = "The stylesheet had a selector, "*:before", that could not be allowed for security reasons."
6 = "The stylesheet had a selector, "*:after", that could not be allowed for security reasons."
7 = "The stylesheet had a selector, "input[type="email"]", that could not be allowed for security reasons."
8 = "The stylesheet had a selector, "input[type="text"]", that could not be allowed for security reasons."
9 = "The stylesheet had a selector, "input[type="password"]", that could not be allowed for security reasons."
10 = "The stylesheet had a selector, "input[type="email"]:focus", that could not be allowed for security reasons."
11 = "The stylesheet had a selector, "input[type="text"]:focus", that could not be allowed for security reasons."
12 = "The stylesheet had a selector, "input[type="password"]:focus", that could not be allowed for security reasons."
13 = "The stylesheet had a selector, "input[type="checkbox"]", that could not be allowed for security reasons."
14 = "The stylesheet had a selector, "input[type="radio"]", that could not be allowed for security reasons."
15 = "The stylesheet had a selector, "input[type="search"]", that could not be allowed for security reasons."
