2009/3/24 Matthew Toseland <toad at amphibian.dyndns.org>:
> On Saturday 21 March 2009 05:17:37 Daniel Cheng wrote:
>> 2009/3/21 Matthew Toseland <toad at amphibian.dyndns.org>:
>> > On Friday 20 March 2009 06:06:02 j16sdiz at freenetproject.org wrote:
>> >> Author: j16sdiz
>> >> Date: 2009-03-20 06:06:00 +0000 (Fri, 20 Mar 2009)
>> >> New Revision: 26115
>> >>
>> >> Modified:
>> >>    trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.java
>> >>    trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
>> >> Log:
>> >> More CSS fix
>> >>
>> > ...
>> >> Modified:
>> > trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
>> >> ===================================================================
>> >> ---
> trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
>> > 2009-03-20 02:56:03 UTC (rev 26114)
>> >> +++
> trunk/freenet/src/freenet/clients/http/filter/CSSTokenizerFilter.jflex
>> > 2009-03-20 06:06:00 UTC (rev 26115)
>> >> @@ -438,7 +438,7 @@
>> >> ?{IDENT}"(" {
>> >> ? ? ? String s = yytext();
>> >> ? ? ? if(s.toLowerCase().startsWith("url"))
>> > throwError(l10n("invalidURLContents"));
>> >> - ? ? if(!s.toLowerCase().startsWith("rgb"))
>> > throwError(l10n("invalidURLContents"));
>> >> + ? ? if(!s.toLowerCase().startsWith("rgb")
>> > && !s.toLowerCase().startsWith("attr"))
>> > throwError(l10n("invalidURLContents"));
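Review bot: The added `!s.toLowerCase().startsWith("attr")` test in the `{IDENT}"("` rule is a prefix match, so it lets through any function token whose name merely begins with "attr" (the existing "rgb" test has the same shape), not only `attr(`. Since `s` is the text matched by `{IDENT}"("`, it already ends with the opening parenthesis; comparing the lowercased token for equality with "attr(" and "rgb(" (plus any other function that is meant to pass, listed explicitly) keeps this an exact allowlist. Two smaller points on the same lines: `s.toLowerCase()` is now evaluated three times and could be held in a local, and the `invalidURLContents` message key is reused for rejecting a function that is not a URL, which will give a misleading error; a separate key for disallowed functions would be clearer.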
>> >
>> > Why startsWith? What functions are attr*?
>>
>> you can do something like this in css:
>>    h1:after   {   content: attr(title)  }
>>
>> <h1 title="xxxx">   ... </h1>
>>
>> would give   xxxx in the text.
>
> And this is always safe? The content is not parsed or mangled, it cannot
> contain markup, it is just displayed?
>

just text or images  [ using  url( attr( .. ) ) ... this would be
rejected as invalid url ],
no html, no scripts.
