8 Commits

Author SHA1 Message Date
Martin Probst e19bf70b47 feat(security): allow calc and gradient functions. (#13943)
PR Close #13943

Also includes support for # color notation in function arguments (common
in gradient functions).
2017-01-17 15:34:53 -06:00
Martin Probst 2d9d7f1310 fix(security): allow empty CSS values. (#9675) 2016-06-28 11:45:02 -07:00
ScottSWu ae75e3640a chore(lint): Added license headers to most TypeScript files
Relates to #9380
2016-06-23 09:47:54 -07:00
Martin Probst 5e12a95789 test(security): test case for quoted URL values.
Test case that fixes #8701. This is already supported with the latest sanitizer
changes, but it's good to have an explicit test case.
2016-05-26 09:39:23 -07:00
Martin Probst 15ae710d22 feat(security): allow url(...) style values.
Allows sanitized URLs for CSS properties. These can be abused for information
leakage, but only if the CSS rules are already set up to allow for it. That is,
an attacker cannot cause information leakage without controlling the style rules
present, or a very particular setup.

Fixes #8514.
2016-05-17 11:23:31 +02:00
Martin Probst 8b1b427195 feat(security): support transform CSS functions for sanitization.
Fixes part of #8514.
2016-05-14 13:25:45 +02:00
Martin Probst 3e68b7eb1f feat(security): warn users when sanitizing in dev mode.
This should help developers to figure out what's going on when the sanitizer
strips some input.

Fixes #8522.
2016-05-09 16:46:31 +02:00
Martin Probst 7b6c4d5acc feat(security): add tests for style sanitisation. 2016-05-09 16:00:24 +02:00