解析并验证css的安全子集
reddit-cssfilter的Python项目详细描述
从reddit的源代码中提取的cssfilter.py。
此库允许您从用户中筛选“不安全”的css。
此库需要属性!:
使用此库时,reddit要求您将以下信息放入应用程序的splash或“about”部分。
EXHIBIT B. Attribution Information
Attribution Copyright Notice: Copyright (c) 2006-2015 reddit Inc. All Rights Reserved.
Attribution Phrase (not exceeding 10 words): Powered by reddit
Attribution URL: http://code.reddit.com
Graphic Image as provided in the Covered Code: http://code.reddit.com/reddit_logo.png
信息
解析并验证css的安全子集。
此验证的目标不是确保功能正确的样式表 但是样式表可以安全地显示给下游用户。这个 包括:
- 不生成对第三方主机的请求(信息泄漏)
- 在错误浏览器中通过奇怪语法的xss
除此之外,所有的努力都是为了让现代css的全部范围。
如何使用
importreddit_cssfilter.cssfiltercssfilter.validate_css(stylesheet,images)
Validate and re-serialize the user submitted stylesheet.
images is a mapping of subreddit image names to their URLs. The re-serialized stylesheet will have %%name%% tokens replaced with their appropriate URLs.
The return value is a two-tuple of the re-serialized (and minified) stylesheet and a list of errors. If the list is empty, the stylesheet is valid.
许可证
版权所有(c)2006-2015 Reddit Inc.保留所有权利。
公共归属许可证1.0版(CPAL)
完整的许可证在这里可用:reddit Inc. Common Public Attribution License Version 1.0 (CPAL)。