(새 문서: The '''CSS Sanitizer''' library implements a CSS tokenizer, parser, and grammar matcher in PHP that mostly follows the [https://www.w3.org/TR/2014/CR-css-syntax-3-20140220/ CSS Syntax Module Level 3 candidate recommendation dated 20 February 2014], the [https://www.w3.org/TR/2016/CR-css-values-3-20160929/ CSS Values and Units Module Level 3], and the [https://www.w3.org/TR/2011/REC-css3-selectors-20110929/ CSS Selectors Level 3] grammar. It also provides a sanitizer (<code>[http...)
 
잔글 ("Css-sanitizer" 문서를 보호했습니다 ([편집=관리자만 허용] (무기한) [이동=관리자만 허용] (무기한)))
 
(차이 없음)

2023년 5월 16일 (화) 03:39 기준 최신판

The CSS Sanitizer library implements a CSS tokenizer, parser, and grammar matcher in PHP that mostly follows the CSS Syntax Module Level 3 candidate recommendation dated 20 February 2014, the CSS Values and Units Module Level 3, and the CSS Selectors Level 3 grammar. It also provides a sanitizer (StylePropertySanitizer) that recognizes various CSS3 modules.

This library was developed for use in the TemplateStyles extension for MediaWiki.

Usage

use Wikimedia\CSS\Parser\Parser;
use Wikimedia\CSS\Sanitizer\StylesheetSanitizer;

/** Parse a stylesheet from a string **/

$parser = Parser::newFromString( $cssText );
$stylesheet = $parser->parseStylesheet();

/** Report any parser errors **/

foreach ( $parser->getParseErrors() as list( $code, $line, $pos ) ) {
	// $code is a string that should be suitable as a key for an i18n library.
	// See errors.md for details.
	$error = lookupI18nMessage( "css-parse-error-$code" );
	echo "Parse error: $error at line $line character $pos\n";
}

/** Apply sanitization to the stylesheet **/

// If you need to customize the defaults, copy the code of this method and
// modify it.
$sanitizer = StylesheetSanitizer::newDefault();
$newStylesheet = $sanitizer->sanitize( $stylesheet );

/** Report any sanitizer errors **/

foreach ( $sanitizer->getSanitizationErrors() as list( $code, $line, $pos ) ) {
	// $code is a string that should be suitable as a key for an i18n library.
	// See errors.md for details.
	$error = lookupI18nMessage( "css-sanitization-error-$code" );
	echo "Sanitization error: $error at line $line character $pos\n";
}

/** Convert the sanitized stylesheet back to text **/

$newText = (string)$newStylesheet;

// Or if you'd rather have it minified too
$minifiedText = Wikimedia\CSS\Util::stringify( $newStylesheet, [ 'minify' => true ] );

History

We required a CSS sanitizer with several properties:

  • Strict parsing according to modern standards.
  • Includes line and character position for all errors.
  • Configurable to limit unsafe constructs such as external URL references.
  • Errors are easily localizable.

We could not find a library that fit these requirements, so we created one.

External links

틀:PHPLibraryLinks