Skip to content

Commit

Permalink
feat: support SVG 1.0 extended color keywords
Browse files Browse the repository at this point in the history
Closes #243
  • Loading branch information
flavorjones committed Sep 13, 2022
1 parent d1e7d2e commit 4d517ac
Show file tree
Hide file tree
Showing 3 changed files with 171 additions and 0 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
# Changelog

## unreleased

### Features

* Allow SVG 1.0 color keyword names in CSS attributes. These colors are part of the [CSS Color Module Level 3](https://www.w3.org/TR/css-color-3/#svg-color) recommendation released 2022-01-18. [[#243](https://github.com/flavorjones/loofah/issues/243)]


## 2.18.0 / 2022-05-11

### Features
Expand Down
146 changes: 146 additions & 0 deletions lib/loofah/html5/safelist.rb
Original file line number Diff line number Diff line change
Expand Up @@ -742,7 +742,153 @@ module SafeList

# https://www.w3.org/TR/css-color-3/#svg-color
ACCEPTABLE_CSS_EXTENDED_COLORS = Set.new([
"aliceblue",
"antiquewhite",
"aqua",
"aquamarine",
"azure",
"beige",
"bisque",
"black",
"blanchedalmond",
"blue",
"blueviolet",
"brown",
"burlywood",
"cadetblue",
"chartreuse",
"chocolate",
"coral",
"cornflowerblue",
"cornsilk",
"crimson",
"cyan",
"darkblue",
"darkcyan",
"darkgoldenrod",
"darkgray",
"darkgreen",
"darkgrey",
"darkkhaki",
"darkmagenta",
"darkolivegreen",
"darkorange",
"darkorchid",
"darkred",
"darksalmon",
"darkseagreen",
"darkslateblue",
"darkslategray",
"darkslategrey",
"darkturquoise",
"darkviolet",
"deeppink",
"deepskyblue",
"dimgray",
"dimgrey",
"dodgerblue",
"firebrick",
"floralwhite",
"forestgreen",
"fuchsia",
"gainsboro",
"ghostwhite",
"gold",
"goldenrod",
"gray",
"green",
"greenyellow",
"grey",
"honeydew",
"hotpink",
"indianred",
"indigo",
"ivory",
"khaki",
"lavender",
"lavenderblush",
"lawngreen",
"lemonchiffon",
"lightblue",
"lightcoral",
"lightcyan",
"lightgoldenrodyellow",
"lightgray",
"lightgreen",
"lightgrey",
"lightpink",
"lightsalmon",
"lightseagreen",
"lightskyblue",
"lightslategray",
"lightslategrey",
"lightsteelblue",
"lightyellow",
"lime",
"limegreen",
"linen",
"magenta",
"maroon",
"mediumaquamarine",
"mediumblue",
"mediumorchid",
"mediumpurple",
"mediumseagreen",
"mediumslateblue",
"mediumspringgreen",
"mediumturquoise",
"mediumvioletred",
"midnightblue",
"mintcream",
"mistyrose",
"moccasin",
"navajowhite",
"navy",
"oldlace",
"olive",
"olivedrab",
"orange",
"orangered",
"orchid",
"palegoldenrod",
"palegreen",
"paleturquoise",
"palevioletred",
"papayawhip",
"peachpuff",
"peru",
"pink",
"plum",
"powderblue",
"purple",
"red",
"rosybrown",
"royalblue",
"saddlebrown",
"salmon",
"sandybrown",
"seagreen",
"seashell",
"sienna",
"silver",
"skyblue",
"slateblue",
"slategray",
"slategrey",
"snow",
"springgreen",
"steelblue",
"tan",
"teal",
"thistle",
"tomato",
"turquoise",
"violet",
"wheat",
"white",
"whitesmoke",
"yellow",
"yellowgreen",
])

# see https://www.quackit.com/css/functions/
Expand Down
18 changes: 18 additions & 0 deletions test/html5/test_scrub_css.rb
Original file line number Diff line number Diff line change
Expand Up @@ -58,4 +58,22 @@ class UnitHTML5Scrub < Loofah::TestCase
assert_empty(Loofah::HTML5::Scrub.scrub_css(%q(font-family:"AvenirNext-Regular';)))
end
end

describe "colors" do
it "allows basic and extended colors" do
text = %q(background-color:blue;)
assert_equal(text, Loofah::HTML5::Scrub.scrub_css(text))

text = %q(background-color:brown;)
assert_equal(text, Loofah::HTML5::Scrub.scrub_css(text))

text = %q(background-color:lightblue;)
assert_equal(text, Loofah::HTML5::Scrub.scrub_css(text))
end

it "does not allow non-colors" do
text = %q(background-color:blurple;)
assert_empty(Loofah::HTML5::Scrub.scrub_css(text))
end
end
end

0 comments on commit 4d517ac

Please sign in to comment.