HomePhorge
Diffusion Phorge f712ae718ccc

Added `-` to the whitelist for CSS rules
f712ae718ccc
Actions

Description

Added - to the whitelist for CSS rules

Summary: Fixes T11567. This way people can use things like sans-serif and -webkit-small-control for their "monospaced" font

Test Plan:
I added the hyphen to the regex then was able to set my Monospaced Font to be anything with a hyphen in it.

I also tried to break it pretty extensively, but couldn't find anything that would let me write malicious CSS or JS.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, yelirekim

Maniphest Tasks: T11567

Differential Revision: https://secure.phabricator.com/D16519

Details

Provenance
Josh CoxAuthored on Sep 7 2016, 8:29 PM
themackabuPushed on Mar 25 2025, 8:07 PM
Parents
rP0030bda17ea3: Check if app is installed for user before displying
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (1)

PathSize
src/
applications/
settings/
setting/

rPf712ae718ccc

View Options

src/applications/settings/setting/PhabricatorMonospacedFontSetting.php

Loading...