Paths

Table of Contentst

Differential D16519

Added `-` to the whitelist for CSS rules
ClosedPublic
Actions

Authored by jcox on Sep 8 2016, 8:25 PM.

Details

Reviewers

epriestley

Group Reviewers

Blessed Reviewers

Maniphest Tasks

T11567: Allow dashes in monospace font preferences

Commits

rPf712ae718ccc: Added `-` to the whitelist for CSS rules

Summary

Fixes T11567. This way people can use things like sans-serif and -webkit-small-control for their "monospaced" font

Test Plan

I added the hyphen to the regex then was able to set my Monospaced Font to be anything with a hyphen in it.

I also tried to break it pretty extensively, but couldn't find anything that would let me write malicious CSS or JS.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jcox updated this revision to Diff 39756.Sep 8 2016, 8:25 PM

jcox retitled this revision from to Added `-` to the whitelist for CSS rules.

jcox updated this object.

jcox edited the test plan for this revision. (Show Details)

jcox added a task: T11567: Allow dashes in monospace font preferences.

Herald added a reviewer: Blessed Reviewers. · View Herald TranscriptSep 8 2016, 8:25 PM

Herald added subscribers: yelirekim, epriestley. · View Herald Transcript

jcox edited the test plan for this revision. (Show Details)Sep 8 2016, 8:25 PM

jcox edited edge metadata.

Thanks!

This revision is now accepted and ready to land.Sep 8 2016, 8:26 PM

Closed by commit rPf712ae718ccc: Added `-` to the whitelist for CSS rules (authored by jcox, committed by jcox). · Explain WhySep 8 2016, 8:29 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

settings/

setting/

PhabricatorMonospacedFontSetting.php

6 lines

Diff 39757

View Options

src/applications/settings/setting/PhabricatorMonospacedFontSetting.php

Added `-` to the whitelist for CSS rulesClosedPublicActions