z_css (zotonic_stdlib v1.29.0)
Utility functions for CSS processing. This sanitizer is used by the HTML sanitizer for processing style attributes. It can also be called independently to sanitize CSS.
This is a strict parser for a (big) subset of CSS. It does not support all CSS constructs. If a block of CSS is not valid according to this parser, it is rejected.
URLs in CSS are sanitized to "url()" to prevent external references.
The grammar is included in z_css_parser.yrl and the lexer is in z_css_lexer.xrl.
Types
-type charset() :: no_charset | {charset, string()}.
-type line() :: pos_integer().
-type media() :: [media_term()].
-type medialist() :: [media()].
-type rules() :: list().
-type tk() ::
    '{' | '}' | '[' | ']' | '(' | ')' | ',' | '.' | ':' | '/' | '-' | '+' | '*' | '>' | '=' |
    badcomment | includes | dashmatch | string | bad_string | ident | hash | import_sym |
    font_face_sym | page_sym | media_sym | charset_sym | important_sym | ems | exs | length |
    angle | time | freq | resolution | dimension | percentage | number | uri | bad_uri |
    function | literal.
-type tokens() :: [token()].
Functions
-spec parse(binary() | tokens()) -> {ok, stylesheet()} | {error, {line(), Error :: binary()}}.
Parse a CSS binary or a token list. Return a parse tree of the CSS.
-spec sanitize(Css :: binary()) -> {ok, Css :: binary()} | {error, {Line :: line(), Message :: binary()}}.
Sanitize a CSS string, removing all external URI references and injectable content.
-spec sanitize_style(Css :: binary() | string()) -> {ok, Css :: binary()} | {error, {Line :: line(), Message :: binary()}}.
Sanitize a CSS style tag, removing all external URI references and injectable content.
Tokenize a CSS string to binary. Returns a list of tokens.
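The following is an added example, not code from zotonic_stdlib: it shows one way to call sanitize/1 on user-supplied CSS and fail closed on its {error, {Line, Message}} result. The module name css_gate, its functions and the sample inputs are hypothetical; only z_css:sanitize/1 and its return types come from the specs above.

```erlang
-module(css_gate).
-export([filter_styles/1, demo/0]).

%% Hypothetical helper (not part of zotonic_stdlib): run every user-supplied
%% CSS block through z_css:sanitize/1 and split the results into accepted
%% (sanitized) and rejected (with line and message) entries.
-spec filter_styles([{Id :: term(), Css :: binary()}]) ->
    {Accepted :: [{term(), binary()}],
     Rejected :: [{term(), pos_integer(), binary()}]}.
filter_styles(Blocks) ->
    lists:foldr(fun classify/2, {[], []}, Blocks).

classify({Id, Css}, {Acc, Rej}) when is_binary(Css) ->
    case z_css:sanitize(Css) of
        {ok, Clean} ->
            %% Store and serve only Clean, never the original input.
            {[{Id, Clean} | Acc], Rej};
        {error, {Line, Message}} ->
            %% The parser rejects the block as a whole. Keep line and message
            %% for the audit log; do not try to salvage part of the input.
            {Acc, [{Id, Line, Message} | Rej]}
    end.

%% Constructed sample input, chosen to exercise both return shapes.
demo() ->
    Blocks = [
        %% Ordinary declaration.
        {plain, <<"p { color: red; }">>},
        %% External reference; the module documentation says URLs are
        %% sanitized to url().
        {external_ref, <<"div { background: url(http://example.com/t.png); }">>},
        %% Missing closing brace, intended to exercise the error branch.
        {unbalanced, <<"p { color: red; ">>}
    ],
    {Accepted, Rejected} = filter_styles(Blocks),
    [io:format("accepted ~p: ~s~n", [Id, Css]) || {Id, Css} <- Accepted],
    [io:format("rejected ~p: line ~p: ~s~n", [Id, L, M]) || {Id, L, M} <- Rejected],
    {length(Accepted), length(Rejected)}.
```

Run css_gate:demo() in a shell with zotonic_stdlib on the code path to see which blocks the strict parser accepts and what the sanitized output looks like.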