Aurora.
Copy Markdown
CSS sanitization module that parses and filters CSS rules to prevent security vulnerabilities.
Key features:
- Enforces allowlist-based CSS property validation using regex patterns
- Removes dangerous CSS functions and protocols (javascript:, expression, etc.)
- Sanitizes URL functions to block malicious schemes
- Supports standard CSS types: elements, media queries, and keyframe animations
- Maintains CSS custom properties with --auix- prefix
- Provides detailed debug logging for validation issues
Constraints:
- Only processes CSS rule types: elements, media, and keyframe
- Rejects complex at-rules beyond @media and @keyframes
- Requires valid CSS syntax; malformed CSS may be partially processed
- Custom properties must follow --auix-[a-z-]+ naming convention
Summary
Functions
Sanitizes a raw CSS string by parsing it, enforcing an allowlist, and sanitizing URLs.
Validates all CSS rules from a theme module by applying sanitization.
Functions
Sanitizes a raw CSS string by parsing it, enforcing an allowlist, and sanitizing URLs.
This function:
- Parses CSS using CssParser
- Filters out disallowed rule types and properties
- Removes dangerous tokens and functions
- Sanitizes URL functions to block malicious protocols
- Reconstructs valid CSS from sanitized components
Parameters:
- css (String.t): Raw CSS string to sanitize
Returns:
- String.t: Sanitized CSS string with only allowed properties and safe URLs
Raises:
- (Logs) :error level for parsing failures with detailed context
Example:
# Basic sanitization
safe_css = Aurora.Uix.Templates.CssSanitizer.sanitize_css("color: red; background: url(javascript:alert());")
# => "color: red;"
# Media query preservation
safe_css = Aurora.Uix.Templates.CssSanitizer.sanitize_css("@media (min-width: 768px) { .container { display: flex; } }")
# => "@media (min-width: 768px) { .container { display: flex; } }"
# Malicious URL removal
safe_css = Aurora.Uix.Templates.CssSanitizer.sanitize_css("background: url(javascript:alert('xss'));")
# => ""@spec validate_theme_rules(module()) :: :ok
Validates all CSS rules from a theme module by applying sanitization.
This function configures the logger to debug level and processes each rule from the theme module through the CSS sanitization pipeline.
Parameters:
- theme_module (module): Theme module implementing rule_names/0 and rule/1 functions
Returns:
- :ok (implicitly) - logs validation results and errors
Example:
Aurora.Uix.Templates.CssSanitizer.validate_theme_rules(MyApp.Theme)