
Commit b23fd79

authored
Merge pull request #18 from digipost/additional-css-properties
Allow common CSS flex values
2 parents 18334ee + 7593e37 commit b23fd79


2 files changed

+26
-3
lines changed


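--- a/src/main/java/no/digipost/sanitizing/internal/ApiHtmlValidatorPolicy.java
+++ b/src/main/java/no/digipost/sanitizing/internal/ApiHtmlValidatorPolicy.java
@@ -34,6 +34,8 @@
 import static no.digipost.sanitizing.internal.ValidatorPatterns.ALIGN;
 import static no.digipost.sanitizing.internal.ValidatorPatterns.COLOR_NAME_OR_COLOR_CODE;
 import static no.digipost.sanitizing.internal.ValidatorPatterns.CSS_TYPE;
+import static no.digipost.sanitizing.internal.ValidatorPatterns.DIMENSION;
+import static no.digipost.sanitizing.internal.ValidatorPatterns.FLEX_BASIS;
 import static no.digipost.sanitizing.internal.ValidatorPatterns.HTML_CLASS;
 import static no.digipost.sanitizing.internal.ValidatorPatterns.HTML_ID;
 import static no.digipost.sanitizing.internal.ValidatorPatterns.HTML_TITLE;
@@ -83,15 +85,33 @@ final class ApiHtmlValidatorPolicy {
 
 final Predicate<String> allowAllValuesPredicate = (value) -> true;
 final Map<String, Predicate<String>> propertyValueWhitelist = CSS_WHITELIST.stream().collect(Collectors.toMap(prop -> prop, prop -> allowAllValuesPredicate));
-//We need `clear`, `display` and `float` since diakonhjemme uses it (see skal_godta_diakonhjemmet_html()),
 propertyValueWhitelist.put("clear", allowAllValuesPredicate);
 propertyValueWhitelist.put("float", allowAllValuesPredicate);
-propertyValueWhitelist.put("display", value -> value.equals("block") || value.equals("inline-block") || value.equals("inline"));
+propertyValueWhitelist.put("display", value -> value.equals("block") || value.equals("inline-block") || value.equals("inline") || value.equals("flex"));
 propertyValueWhitelist.put("content", allowAllValuesPredicate);
+propertyValueWhitelist.put("flex-direction", value -> value.equals("row") || value.equals("column") || value.equals("row-reverse") || value.equals("column-reverse"));
+propertyValueWhitelist.put("flex-wrap", value -> value.equals("nowrap") || value.equals("wrap") || value.equals("wrap-reverse"));
+propertyValueWhitelist.put("justify-content", value -> value.equals("flex-start") || value.equals("flex-end") || value.equals("center") || value.equals("space-between") || value.equals("space-around") || value.equals("space-evenly"));
+propertyValueWhitelist.put("align-items", value -> value.equals("flex-start") || value.equals("flex-end") || value.equals("center") || value.equals("baseline") || value.equals("stretch"));
+propertyValueWhitelist.put("align-self", value -> value.equals("auto") || value.equals("flex-start") || value.equals("flex-end") || value.equals("center") || value.equals("baseline") || value.equals("stretch"));
+propertyValueWhitelist.put("gap", value -> DIMENSION.matcher(value).matches());
+propertyValueWhitelist.put("flex", ApiHtmlValidatorPolicy::validateFlexProperty);
 
 CSS_PROPERTY_WHITELIST = Collections.unmodifiableMap(propertyValueWhitelist);
 }
 
+private static boolean validateFlexProperty(String value) {
+String[] values = value.split("\\s+");
+if (values.length < 1 || values.length > 3) {
+return false;
+}
+boolean hasValidFlexGrowValue = NUMBER.matcher(values[0]).matches();
+boolean hasValidFlexShrinkValue = values.length < 2 || NUMBER.matcher(values[1]).matches();
+boolean hasValidFlexBasisValue = values.length < 3 || FLEX_BASIS.matcher(values[2]).matches();
+
+return hasValidFlexGrowValue && hasValidFlexShrinkValue && hasValidFlexBasisValue;
+}
+
 // Version 1 of policy. We used this policy before we introduced CSS-validation/-sanitation
 static final PolicyFactory V1_VALIDATE_ONLY_HTML_POLICY = new HtmlPolicyBuilder()
 .allowStyling(CssSchema.withProperties(CSS_WHITELIST))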

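--- a/src/main/java/no/digipost/sanitizing/internal/ValidatorPatterns.java
+++ b/src/main/java/no/digipost/sanitizing/internal/ValidatorPatterns.java
@@ -25,7 +25,8 @@ final class ValidatorPatterns {
 // HTML/CSS Spec allows 3 or 6 digit hex to specify color
 static final Pattern COLOR_CODE = Pattern.compile("(?:#(?:[0-9a-fA-F]{3}(?:[0-9a-fA-F]{3})?))");
 
-static final Pattern NUMBER_OR_PERCENT = Pattern.compile("[0-9]+%?");
+static final Pattern NUMBER_OR_PERCENT = Pattern.compile("[0-9]+%?");
+static final Pattern DIMENSION = Pattern.compile("^[0-9]+(%|px|em|rem)?$");
 static final Pattern PARAGRAPH = Pattern.compile("(?:[\\p{L}\\p{N},'.\\s\\-_()]|&[0-9]{2};)*");
 static final Pattern HTML_ID = Pattern.compile("[a-zA-Z0-9:\\-_.]+");
 
@@ -42,6 +43,8 @@ final class ValidatorPatterns {
 
 static final Pattern ALIGN = Pattern.compile("(?i)center|left|right|justify|char");
 
+static final Pattern FLEX_BASIS = Pattern.compile("^(?:0|auto|content|\\d*\\.?\\d+(?:%|px|em|rem|))$");
+
 static final Pattern VALIGN = Pattern.compile("(?i)baseline|bottom|middle|top");
 
 static final Pattern TARGET_BLANK = Pattern.compile("_blank");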
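Review bot: `DIMENSION` and `FLEX_BASIS` are the only patterns in these hunks written with `^…$`; the neighbouring ones (`NUMBER_OR_PERCENT`, `HTML_ID`, `ALIGN`) are unanchored and rely on the caller using `matches()`. The call sites on this page do use `matcher(...).matches()`, so the anchors are redundant there. If a later caller switches to `find()`, Java's `$` also matches just before a final line terminator, so either drop the anchors for consistency or use `\\z` as the strict end anchor. Separately, `DIMENSION` takes integers only (`[0-9]+`) while `FLEX_BASIS` takes decimals (`\\d*\\.?\\d+`), so `0.5rem` is rejected for `gap` but accepted as a flex basis; a one-line comment on each constant stating the accepted grammar would show whether that difference is intended. The trailing empty alternative in `(?:%|px|em|rem|)` reads more clearly as `(?:%|px|em|rem)?`.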
