...
Run Format

Source file src/html/template/css.go

Documentation: html/template

     1  // Copyright 2011 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package template
     6  
     7  import (
     8  	"bytes"
     9  	"fmt"
    10  	"unicode"
    11  	"unicode/utf8"
    12  )
    13  
    14  // endsWithCSSKeyword reports whether b ends with an ident that
    15  // case-insensitively matches the lower-case kw.
    16  func endsWithCSSKeyword(b []byte, kw string) bool {
    17  	i := len(b) - len(kw)
    18  	if i < 0 {
    19  		// Too short.
    20  		return false
    21  	}
    22  	if i != 0 {
    23  		r, _ := utf8.DecodeLastRune(b[:i])
    24  		if isCSSNmchar(r) {
    25  			// Too long.
    26  			return false
    27  		}
    28  	}
    29  	// Many CSS keywords, such as "!important" can have characters encoded,
    30  	// but the URI production does not allow that according to
    31  	// https://www.w3.org/TR/css3-syntax/#TOK-URI
    32  	// This does not attempt to recognize encoded keywords. For example,
    33  	// given "\75\72\6c" and "url" this return false.
    34  	return string(bytes.ToLower(b[i:])) == kw
    35  }
    36  
    37  // isCSSNmchar reports whether rune is allowed anywhere in a CSS identifier.
    38  func isCSSNmchar(r rune) bool {
    39  	// Based on the CSS3 nmchar production but ignores multi-rune escape
    40  	// sequences.
    41  	// https://www.w3.org/TR/css3-syntax/#SUBTOK-nmchar
    42  	return 'a' <= r && r <= 'z' ||
    43  		'A' <= r && r <= 'Z' ||
    44  		'0' <= r && r <= '9' ||
    45  		r == '-' ||
    46  		r == '_' ||
    47  		// Non-ASCII cases below.
    48  		0x80 <= r && r <= 0xd7ff ||
    49  		0xe000 <= r && r <= 0xfffd ||
    50  		0x10000 <= r && r <= 0x10ffff
    51  }
    52  
    53  // decodeCSS decodes CSS3 escapes given a sequence of stringchars.
    54  // If there is no change, it returns the input, otherwise it returns a slice
    55  // backed by a new array.
    56  // https://www.w3.org/TR/css3-syntax/#SUBTOK-stringchar defines stringchar.
    57  func decodeCSS(s []byte) []byte {
    58  	i := bytes.IndexByte(s, '\\')
    59  	if i == -1 {
    60  		return s
    61  	}
    62  	// The UTF-8 sequence for a codepoint is never longer than 1 + the
    63  	// number hex digits need to represent that codepoint, so len(s) is an
    64  	// upper bound on the output length.
    65  	b := make([]byte, 0, len(s))
    66  	for len(s) != 0 {
    67  		i := bytes.IndexByte(s, '\\')
    68  		if i == -1 {
    69  			i = len(s)
    70  		}
    71  		b, s = append(b, s[:i]...), s[i:]
    72  		if len(s) < 2 {
    73  			break
    74  		}
    75  		// https://www.w3.org/TR/css3-syntax/#SUBTOK-escape
    76  		// escape ::= unicode | '\' [#x20-#x7E#x80-#xD7FF#xE000-#xFFFD#x10000-#x10FFFF]
    77  		if isHex(s[1]) {
    78  			// https://www.w3.org/TR/css3-syntax/#SUBTOK-unicode
    79  			//   unicode ::= '\' [0-9a-fA-F]{1,6} wc?
    80  			j := 2
    81  			for j < len(s) && j < 7 && isHex(s[j]) {
    82  				j++
    83  			}
    84  			r := hexDecode(s[1:j])
    85  			if r > unicode.MaxRune {
    86  				r, j = r/16, j-1
    87  			}
    88  			n := utf8.EncodeRune(b[len(b):cap(b)], r)
    89  			// The optional space at the end allows a hex
    90  			// sequence to be followed by a literal hex.
    91  			// string(decodeCSS([]byte(`\A B`))) == "\nB"
    92  			b, s = b[:len(b)+n], skipCSSSpace(s[j:])
    93  		} else {
    94  			// `\\` decodes to `\` and `\"` to `"`.
    95  			_, n := utf8.DecodeRune(s[1:])
    96  			b, s = append(b, s[1:1+n]...), s[1+n:]
    97  		}
    98  	}
    99  	return b
   100  }
   101  
   102  // isHex reports whether the given character is a hex digit.
   103  func isHex(c byte) bool {
   104  	return '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F'
   105  }
   106  
   107  // hexDecode decodes a short hex digit sequence: "10" -> 16.
   108  func hexDecode(s []byte) rune {
   109  	n := '\x00'
   110  	for _, c := range s {
   111  		n <<= 4
   112  		switch {
   113  		case '0' <= c && c <= '9':
   114  			n |= rune(c - '0')
   115  		case 'a' <= c && c <= 'f':
   116  			n |= rune(c-'a') + 10
   117  		case 'A' <= c && c <= 'F':
   118  			n |= rune(c-'A') + 10
   119  		default:
   120  			panic(fmt.Sprintf("Bad hex digit in %q", s))
   121  		}
   122  	}
   123  	return n
   124  }
   125  
   126  // skipCSSSpace returns a suffix of c, skipping over a single space.
   127  func skipCSSSpace(c []byte) []byte {
   128  	if len(c) == 0 {
   129  		return c
   130  	}
   131  	// wc ::= #x9 | #xA | #xC | #xD | #x20
   132  	switch c[0] {
   133  	case '\t', '\n', '\f', ' ':
   134  		return c[1:]
   135  	case '\r':
   136  		// This differs from CSS3's wc production because it contains a
   137  		// probable spec error whereby wc contains all the single byte
   138  		// sequences in nl (newline) but not CRLF.
   139  		if len(c) >= 2 && c[1] == '\n' {
   140  			return c[2:]
   141  		}
   142  		return c[1:]
   143  	}
   144  	return c
   145  }
   146  
   147  // isCSSSpace reports whether b is a CSS space char as defined in wc.
   148  func isCSSSpace(b byte) bool {
   149  	switch b {
   150  	case '\t', '\n', '\f', '\r', ' ':
   151  		return true
   152  	}
   153  	return false
   154  }
   155  
   156  // cssEscaper escapes HTML and CSS special characters using \<hex>+ escapes.
   157  func cssEscaper(args ...interface{}) string {
   158  	s, _ := stringify(args...)
   159  	var b bytes.Buffer
   160  	r, w, written := rune(0), 0, 0
   161  	for i := 0; i < len(s); i += w {
   162  		// See comment in htmlEscaper.
   163  		r, w = utf8.DecodeRuneInString(s[i:])
   164  		var repl string
   165  		switch {
   166  		case int(r) < len(cssReplacementTable) && cssReplacementTable[r] != "":
   167  			repl = cssReplacementTable[r]
   168  		default:
   169  			continue
   170  		}
   171  		b.WriteString(s[written:i])
   172  		b.WriteString(repl)
   173  		written = i + w
   174  		if repl != `\\` && (written == len(s) || isHex(s[written]) || isCSSSpace(s[written])) {
   175  			b.WriteByte(' ')
   176  		}
   177  	}
   178  	if written == 0 {
   179  		return s
   180  	}
   181  	b.WriteString(s[written:])
   182  	return b.String()
   183  }
   184  
   185  var cssReplacementTable = []string{
   186  	0:    `\0`,
   187  	'\t': `\9`,
   188  	'\n': `\a`,
   189  	'\f': `\c`,
   190  	'\r': `\d`,
   191  	// Encode HTML specials as hex so the output can be embedded
   192  	// in HTML attributes without further encoding.
   193  	'"':  `\22`,
   194  	'&':  `\26`,
   195  	'\'': `\27`,
   196  	'(':  `\28`,
   197  	')':  `\29`,
   198  	'+':  `\2b`,
   199  	'/':  `\2f`,
   200  	':':  `\3a`,
   201  	';':  `\3b`,
   202  	'<':  `\3c`,
   203  	'>':  `\3e`,
   204  	'\\': `\\`,
   205  	'{':  `\7b`,
   206  	'}':  `\7d`,
   207  }
   208  
   209  var expressionBytes = []byte("expression")
   210  var mozBindingBytes = []byte("mozbinding")
   211  
   212  // cssValueFilter allows innocuous CSS values in the output including CSS
   213  // quantities (10px or 25%), ID or class literals (#foo, .bar), keyword values
   214  // (inherit, blue), and colors (#888).
   215  // It filters out unsafe values, such as those that affect token boundaries,
   216  // and anything that might execute scripts.
   217  func cssValueFilter(args ...interface{}) string {
   218  	s, t := stringify(args...)
   219  	if t == contentTypeCSS {
   220  		return s
   221  	}
   222  	b, id := decodeCSS([]byte(s)), make([]byte, 0, 64)
   223  
   224  	// CSS3 error handling is specified as honoring string boundaries per
   225  	// https://www.w3.org/TR/css3-syntax/#error-handling :
   226  	//     Malformed declarations. User agents must handle unexpected
   227  	//     tokens encountered while parsing a declaration by reading until
   228  	//     the end of the declaration, while observing the rules for
   229  	//     matching pairs of (), [], {}, "", and '', and correctly handling
   230  	//     escapes. For example, a malformed declaration may be missing a
   231  	//     property, colon (:) or value.
   232  	// So we need to make sure that values do not have mismatched bracket
   233  	// or quote characters to prevent the browser from restarting parsing
   234  	// inside a string that might embed JavaScript source.
   235  	for i, c := range b {
   236  		switch c {
   237  		case 0, '"', '\'', '(', ')', '/', ';', '@', '[', '\\', ']', '`', '{', '}':
   238  			return filterFailsafe
   239  		case '-':
   240  			// Disallow <!-- or -->.
   241  			// -- should not appear in valid identifiers.
   242  			if i != 0 && b[i-1] == '-' {
   243  				return filterFailsafe
   244  			}
   245  		default:
   246  			if c < utf8.RuneSelf && isCSSNmchar(rune(c)) {
   247  				id = append(id, c)
   248  			}
   249  		}
   250  	}
   251  	id = bytes.ToLower(id)
   252  	if bytes.Contains(id, expressionBytes) || bytes.Contains(id, mozBindingBytes) {
   253  		return filterFailsafe
   254  	}
   255  	return string(b)
   256  }
   257  

View as plain text