Latest revision as of 03:39, 16 May 2023 (Tue)
The CSS Sanitizer library implements a CSS tokenizer, parser, and grammar matcher in PHP that mostly follows the CSS Syntax Module Level 3 candidate recommendation dated 20 February 2014, the CSS Values and Units Module Level 3, and the CSS Selectors Level 3 grammar. It also provides a sanitizer (StylePropertySanitizer) that recognizes various CSS3 modules.
This library was developed for use in the TemplateStyles extension for MediaWiki.
Usage
use Wikimedia\CSS\Parser\Parser;
use Wikimedia\CSS\Sanitizer\StylesheetSanitizer;

/** Parse a stylesheet from a string **/
$parser = Parser::newFromString( $cssText );
$stylesheet = $parser->parseStylesheet();

/** Report any parser errors **/
foreach ( $parser->getParseErrors() as list( $code, $line, $pos ) ) {
    // $code is a string that should be suitable as a key for an i18n library.
    // See errors.md for details.
    $error = lookupI18nMessage( "css-parse-error-$code" );
    echo "Parse error: $error at line $line character $pos\n";
}

/** Apply sanitization to the stylesheet **/
// If you need to customize the defaults, copy the code of this method and
// modify it.
$sanitizer = StylesheetSanitizer::newDefault();
$newStylesheet = $sanitizer->sanitize( $stylesheet );

/** Report any sanitizer errors **/
foreach ( $sanitizer->getSanitizationErrors() as list( $code, $line, $pos ) ) {
    // $code is a string that should be suitable as a key for an i18n library.
    // See errors.md for details.
    $error = lookupI18nMessage( "css-sanitization-error-$code" );
    echo "Sanitization error: $error at line $line character $pos\n";
}

/** Convert the sanitized stylesheet back to text **/
$newText = (string)$newStylesheet;

// Or if you'd rather have it minified too
$minifiedText = Wikimedia\CSS\Util::stringify( $newStylesheet, [ 'minify' => true ] );
History
We required a CSS sanitizer with several properties:
- Strict parsing according to modern standards.
- Includes line and character position for all errors.
- Configurable to limit unsafe constructs such as external URL references.
- Errors are easily localizable.
We could not find a library that fit these requirements, so we created one.