Delete at-rules that shouldn't have blocks if they have blocks.

rgrove · Apr 20, 2015 · 6555424 · 6555424
1 parent 69f152b
commit 6555424
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 5 deletions.
diff --git a/lib/sanitize/css.rb b/lib/sanitize/css.rb
@@ -77,10 +77,9 @@ def self.tree!(tree, config = {})
   def initialize(config = {})
     @config = Config.merge(Config::DEFAULT[:css], config[:css] || config)
 
+    @at_rules                 = Set.new(@config[:at_rules])
     @at_rules_with_properties = Set.new(@config[:at_rules_with_properties])
     @at_rules_with_styles     = Set.new(@config[:at_rules_with_styles])
-
-    @at_rules = @at_rules_with_properties + @at_rules_with_styles + @config[:at_rules]
   end
 
   # Sanitizes inline CSS style properties.
@@ -204,7 +203,6 @@ def tree!(tree)
   # current config doesn't allow this at-rule.
   def at_rule!(rule)
     name = rule[:name].downcase
-    return nil unless @at_rules.include?(name)
 
     if @at_rules_with_styles.include?(name)
       styles = Crass::Parser.parse_rules(rule[:block],
@@ -220,8 +218,10 @@ def at_rule!(rule)
 
       rule[:block] = tree!(props)
 
+    elsif @at_rules.include?(name)
+      return nil if rule.has_key?(:block)
     else
-      rule.delete(:block)
+      return nil
     end
 
     rule

diff --git a/test/test_sanitize_css.rb b/test/test_sanitize_css.rb
@@ -220,7 +220,7 @@
     end
   end
 
-  describe 'bugs' do
+  describe 'functionality' do
     before do
       @default = Sanitize::CSS.new
       @relaxed = Sanitize::CSS.new(Sanitize::Config::RELAXED[:css])
@@ -235,13 +235,21 @@
         @media (max-width: 720px) {
           p.foo > .bar { float: right; width: expression(body.scrollLeft + 50 + 'px'); }
           #baz { color: green; }
+
+          @media (orientation: portrait) {
+            #baz { color: red; }
+          }
         }
       ].strip
 
       @relaxed.stylesheet(css).must_equal %[
         @media (max-width: 720px) {
           p.foo > .bar { float: right;  }
           #baz { color: green; }
+
+          @media (orientation: portrait) {
+            #baz { color: red; }
+          }
         }
       ].strip
     end
@@ -270,5 +278,53 @@
 
       @relaxed.stylesheet(css).must_equal css
     end
+
+    describe ":at_rules" do
+      it "should remove blockless at-rules that aren't whitelisted" do
+        css = %[
+          @charset 'utf-8';
+          @import url('foo.css');
+          .foo { color: green; }
+        ].strip
+
+        @relaxed.stylesheet(css).strip.must_equal %[
+          .foo { color: green; }
+        ].strip
+      end
+
+      describe "when blockless at-rules are whitelisted" do
+        before do
+          @scss = Sanitize::CSS.new(Sanitize::Config.merge(Sanitize::Config::RELAXED[:css], {
+            :at_rules => ['charset', 'import']
+          }))
+        end
+
+        it "should not remove them" do
+          css = %[
+            @charset 'utf-8';
+            @import url('foo.css');
+            .foo { color: green; }
+          ].strip
+
+          @scss.stylesheet(css).must_equal %[
+            @charset 'utf-8';
+            @import url('foo.css');
+            .foo { color: green; }
+          ].strip
+        end
+
+        it "should remove them if they have invalid blocks" do
+          css = %[
+            @charset { color: green }
+            @import { color: green }
+            .foo { color: green; }
+          ].strip
+
+          @scss.stylesheet(css).strip.must_equal %[
+            .foo { color: green; }
+          ].strip
+        end
+      end
+    end
   end
 end