On Saturday 21 March 2009 05:17:37 Daniel Cheng wrote:
> 2009/3/21 Matthew Toseland <toad at amphibian.dyndns.org>:
> > On Friday 20 March 2009 06:06:02 j16sdiz at freenetproject.org wrote:
> >> Author: j16sdiz
> >> Date: 2009-03-20 06:06:00 +0000 (Fri, 20 Mar 2009)
> >> New Revision: 26115
> >>
> >> Modified:
> >>    trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.java
> >>    trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
> >> Log:
> >> More CSS fix
> >>
> > ...
> >> Modified:
> > trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
> >> ===================================================================
> >> --- 
trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
> > 2009-03-20 02:56:03 UTC (rev 26114)
> >> +++ 
trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
> > 2009-03-20 06:06:00 UTC (rev 26115)
> >> @@ -438,7 +438,7 @@
> >> ?{IDENT}"(" {
> >> ? ? ? String s = yytext();
> >> ? ? ? if(s.toLowerCase().startsWith("url"))
> > throwError(l10n("invalidURLContents"));
> >> - ? ? if(!s.toLowerCase().startsWith("rgb"))
> > throwError(l10n("invalidURLContents"));
> >> + ? ? if(!s.toLowerCase().startsWith("rgb")
> > && !s.toLowerCase().startsWith("attr"))
> > throwError(l10n("invalidURLContents"));
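
Review bot: the new `!s.toLowerCase().startsWith("attr")` condition in the `{IDENT}"("` action is a prefix test, so it lets through every function token whose name merely begins with `attr` (as the existing test does for `rgb`), not only `attr(`. Since the rule matches `{IDENT}"("`, `yytext()` ends with the opening parenthesis, and an exact comparison such as `s.equalsIgnoreCase("attr(")` would restrict the allowlist to the intended function. Two smaller points: rejected functions still raise `invalidURLContents`, which misdescribes a non-URL function, and `s.toLowerCase()` is now computed three times where one local would do. A comment stating why `attr()` output is considered safe to pass would also help, since nothing in the hunk documents that.
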
> >
> > Why startsWith? What functions are attr*?
> 
> you can do something like this in css:
>    h1:after   {   content: attr(title)  }
> 
> <h1 title="xxxx">   ... </h1>
> 
> would give   xxxx in the text.

And this is always safe? The content is not parsed or mangled, it cannot 
contain markup, it is just displayed?