z_css (zotonic_stdlib v1.28.1)


Utility functions for CSS processing. This sanitizer is used by the HTML sanitizer for processing style attributes. It can also be called independently to sanitize CSS.

This is a strict parser for a (big) subset of CSS. It does not support all CSS constructs. If a block of CSS is not valid according to this parser, it is rejected.

URLs in CSS are sanitized to "url()" to prevent external references.

The grammar is included in z_css_parser.yrl and the lexer is in z_css_lexer.xrl.

Summary

Functions

parse(B)

Parse a CSS binary or a token list. Returns a parse tree of the CSS.

sanitize(Css)

Sanitize a CSS string, removing all external URI references and injectable content.

sanitize_style(Css)

Sanitize a CSS style tag, removing all external URI references and injectable content.

scan(Bs)

Tokenize a CSS string or binary. Returns a list of tokens.

Types

charset/0

-type charset() :: no_charset | {charset, string()}.

import/0

-type import() :: no_import | {import, Uri :: token(), medialist()}.

line/0

-type line() :: pos_integer().

media/0

-type media() :: [{ident, line(), string()}].

medialist/0

-type medialist() :: [media()].

rules/0

-type rules() :: list().

stylesheet/0

-type stylesheet() :: {stylesheet, charset(), import(), rules()}.

tk/0

-type tk() ::
          '{' | '}' | '[' | ']' | '(' | ')' | ',' | '.' | ':' | '/' | '-' | '+' | '*' | '>' | '=' |
          badcomment | includes | dashmatch | string | bad_string | ident | hash | import_sym |
          page_sym | media_sym | charset_sym | important_sym | ems | exs | length | angle | time |
          freq | dimension | percentage | number | uri | bad_uri | function | literal.

token/0

-type token() :: {tk(), line(), string()}.

tokens/0

-type tokens() :: [token()].

Functions

parse(B)

-spec parse(binary() | tokens()) -> {ok, stylesheet()} | {error, {line(), Error :: binary()}}.

Parse a CSS binary or a token list. Returns a parse tree of the CSS.

sanitize(Css)

-spec sanitize(Css :: binary()) ->
                  {ok, Css :: binary()} | {error, {Line :: line(), Message :: binary()}}.

Sanitize a CSS string, removing all external URI references and injectable content.

sanitize_style(Css)

-spec sanitize_style(Css :: binary() | string()) ->
                        {ok, Css :: binary()} | {error, {Line :: line(), Message :: binary()}}.

Sanitize a CSS style tag, removing all external URI references and injectable content.

scan(Bs)

-spec scan(string() | binary()) -> {ok, tokens()}.

Tokenize a CSS string or binary. Returns a list of tokens.
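
A fail-closed wrapper around sanitize/1 and sanitize_style/1, handling both return shapes from their specs. This is an added example, not code from zotonic_stdlib; the module name css_guard_example, the helper names, the size cap and the sample inputs are assumptions of the example.

```erlang
-module(css_guard_example).
-export([safe_stylesheet/1, safe_style/1, demo/0]).

%% Hypothetical input size cap; an assumption of this example, not a z_css limit.
-define(MAX_CSS_BYTES, 65536).

%% Full stylesheet text from an untrusted source, via z_css:sanitize/1.
-spec safe_stylesheet(binary()) -> binary().
safe_stylesheet(Css) when is_binary(Css) ->
    fail_closed(stylesheet, Css, fun z_css:sanitize/1).

%% Untrusted style content, via z_css:sanitize_style/1 (binary or string).
-spec safe_style(binary() | string()) -> binary().
safe_style(Css) when is_binary(Css); is_list(Css) ->
    fail_closed(style, Css, fun z_css:sanitize_style/1).

%% Never fall back to the raw input: the parser is strict, so a rejection
%% means the CSS could not be validated and the caller gets <<>> instead.
fail_closed(Kind, Css, Sanitize) ->
    Size = input_size(Css),
    case Size > ?MAX_CSS_BYTES of
        true ->
            logger:warning("css ~p dropped: size ~p over cap", [Kind, Size]),
            <<>>;
        false ->
            case Sanitize(Css) of
                {ok, Clean} ->
                    Clean;
                {error, {Line, Message}} ->
                    logger:warning("css ~p rejected at line ~p: ~ts",
                                   [Kind, Line, Message]),
                    <<>>
            end
    end.

input_size(Css) when is_binary(Css) -> byte_size(Css);
input_size(Css) when is_list(Css) -> length(Css).

%% Constructed sample inputs. Per the module doc, the external reference in
%% the first item is reduced to url(); the second goes through sanitize_style/1.
demo() ->
    [safe_stylesheet(<<"p { background: url(http://tracker.example/a.png); }">>),
     safe_style("color: red; width: 10px")].
```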