Sophie

Sophie

distrib > Mandriva > 2010.0 > i586 > media > contrib-release > by-pkgid > 8b99df826c3b6cf56a1caaae5f931d50 > files > 1066

ruby-actionpack-2.3.4-1mdv2010.0.noarch.rpm

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
  <title>sanitize_css (HTML::WhiteListSanitizer)</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" />
</head>
<body class="standalone-code">
  <pre><span class="ruby-comment cmt"># File lib/action_controller/vendor/html-scanner/html/sanitizer.rb, line 104</span>
    <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">sanitize_css</span>(<span class="ruby-identifier">style</span>)
      <span class="ruby-comment cmt"># disallow urls</span>
      <span class="ruby-identifier">style</span> = <span class="ruby-identifier">style</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp re">/url\s*\(\s*[^\s)]+?\s*\)\s*/</span>, <span class="ruby-value str">' '</span>)

      <span class="ruby-comment cmt"># gauntlet</span>
      <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">style</span> <span class="ruby-operator">!~</span> <span class="ruby-regexp re">/^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\&quot;[\s\w]+\&quot;|\([\d,\s]+\))*$/</span> <span class="ruby-operator">||</span>
          <span class="ruby-identifier">style</span> <span class="ruby-operator">!~</span> <span class="ruby-regexp re">/^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/</span>
        <span class="ruby-keyword kw">return</span> <span class="ruby-value str">''</span>
      <span class="ruby-keyword kw">end</span>

      <span class="ruby-identifier">clean</span> = []
      <span class="ruby-identifier">style</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-regexp re">/([-\w]+)\s*:\s*([^:;]*)/</span>) <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">prop</span>,<span class="ruby-identifier">val</span><span class="ruby-operator">|</span>
        <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">allowed_css_properties</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">prop</span>.<span class="ruby-identifier">downcase</span>)
          <span class="ruby-identifier">clean</span> <span class="ruby-operator">&lt;&lt;</span>  <span class="ruby-identifier">prop</span> <span class="ruby-operator">+</span> <span class="ruby-value str">': '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">val</span> <span class="ruby-operator">+</span> <span class="ruby-value str">';'</span>
        <span class="ruby-keyword kw">elsif</span> <span class="ruby-identifier">shorthand_css_properties</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">prop</span>.<span class="ruby-identifier">split</span>(<span class="ruby-value str">'-'</span>)[<span class="ruby-value">0</span>].<span class="ruby-identifier">downcase</span>) 
          <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">val</span>.<span class="ruby-identifier">split</span>().<span class="ruby-identifier">any?</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">keyword</span><span class="ruby-operator">|</span>
            <span class="ruby-operator">!</span><span class="ruby-identifier">allowed_css_keywords</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">keyword</span>) <span class="ruby-operator">&amp;&amp;</span> 
              <span class="ruby-identifier">keyword</span> <span class="ruby-operator">!~</span> <span class="ruby-regexp re">/^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$/</span>
          <span class="ruby-keyword kw">end</span>
            <span class="ruby-identifier">clean</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">prop</span> <span class="ruby-operator">+</span> <span class="ruby-value str">': '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">val</span> <span class="ruby-operator">+</span> <span class="ruby-value str">';'</span>
          <span class="ruby-keyword kw">end</span>
        <span class="ruby-keyword kw">end</span>
      <span class="ruby-keyword kw">end</span>
      <span class="ruby-identifier">clean</span>.<span class="ruby-identifier">join</span>(<span class="ruby-value str">' '</span>)
    <span class="ruby-keyword kw">end</span></pre>
</body>
</html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional