File bug-809935_2-3-css_sanitize.patch of Package rubygem-actionpack-2_3

Overview Repositories Revisions Requests Users Attributes Meta

File bug-809935_2-3-css_sanitize.patch of Package rubygem-actionpack-2_3

diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
index ae20f99..a05ea0b 100644
--- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
@@ -106,8 +106,8 @@ module HTML
       style = style.to_s.gsub(/url\s*$\s*[^\s)]+?\s*$\s*/, ' ')
 
       # gauntlet
-      if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|$[\d,\s]+$)*$/ ||
-          style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
+      if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|$[\d,\s]+$)*\z/ ||
+          style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
         return ''
       end
 
@@ -117,8 +117,8 @@ module HTML
           clean <<  prop + ': ' + val + ';'
         elsif shorthand_css_properties.include?(prop.split('-')[0].downcase) 
           unless val.split().any? do |keyword|
-            !allowed_css_keywords.include?(keyword) && 
-              keyword !~ /^(#[0-9a-f]+|rgb$\d+%?,\d*%?,?\d*%?$?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$/
+            !allowed_css_keywords.include?(keyword) &&
+              keyword !~ /\A(#[0-9a-f]+|rgb$\d+%?,\d*%?,?\d*%?$?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
           end
             clean << prop + ': ' + val + ';'
           end
diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb
index 9203251..561ebc5 100644
--- a/actionpack/test/controller/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -249,6 +249,11 @@ class SanitizerTest < ActionController::TestCase
     assert_equal '', sanitize_css(raw)
   end
 
+  def test_should_sanitize_across_newlines
+    raw = %(\nwidth:\nexpression(alert('XSS'));\n)
+    assert_equal '', sanitize_css(raw)
+  end
+
   def test_should_sanitize_img_vbscript
     assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
   end
-- 
1.8.1.1

Places

File bug-809935_2-3-css_sanitize.patch of Package rubygem-actionpack-2_3

Places