skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security: disallow import statements in CSS

Browse source
This commit is contained in:
justcool393 2023-02-25 15:21:49 -06:00 committed by Ben Rog-Wilhelm
parent 92bd7d50fa
commit 71406da834
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
files/helpers/sanitize.py
View file

@ -377,4 +377,5 @@ def validate_css(css:str) -> tuple[bool, str]:
practical concern) or causing styling issues with the rest of the page. practical concern) or causing styling issues with the rest of the page.
''' '''
if '</style' in css.lower(): return False, "Invalid CSS" if '</style' in css.lower(): return False, "Invalid CSS"
if '@import' in css.lower(): return False, "@import statements are not allowed"
return True, "" return True, ""