
library css-sanitizer

Classes to parse and sanitize CSS


wikimedia/css-sanitizer

  • Saturday, July 28, 2018
  • by mediawiki
  • Repository
  • 14 Watchers
  • 3 Stars
  • 892 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 8 Versions
  • 15 % Grown

The README.md

Wikimedia CSS Parser & Sanitizer

This library implements a CSS tokenizer, parser and grammar matcher in PHP.

Usage

use Wikimedia\CSS\Parser\Parser;
use Wikimedia\CSS\Sanitizer\StylesheetSanitizer;

/** Parse a stylesheet from a string **/

$parser = Parser::newFromString( $cssText );
$stylesheet = $parser->parseStylesheet();

/** Report any parser errors **/

foreach ( $parser->getParseErrors() as list( $code, $line, $pos ) ) {
    // $code is a string that should be suitable as a key for an i18n library.
    // See errors.md for details.
    $error = lookupI18nMessage( "css-parse-error-$code" );
    echo "Parse error: $error at line $line character $pos\n";
}

/** Apply sanitization to the stylesheet **/

// If you need to customize the defaults, copy the code of this method and
// modify it.
$sanitizer = StylesheetSanitizer::newDefault();
$newStylesheet = $sanitizer->sanitize( $stylesheet );

/** Report any sanitizer errors **/

foreach ( $sanitizer->getSanitizationErrors() as list( $code, $line, $pos ) ) {
    // $code is a string that should be suitable as a key for an i18n library.
    // See errors.md for details.
    $error = lookupI18nMessage( "css-sanitization-error-$code" );
    echo "Sanitization error: $error at line $line character $pos\n";
}

/** Convert the sanitized stylesheet back to text **/

$newText = (string)$newStylesheet;

// Or if you'd rather have it minified too
$minifiedText = Wikimedia\CSS\Util::stringify( $newStylesheet, [ 'minify' => true ] );

Conformance

The library follows the following grammar specifications:

The sanitizer recognizes the following CSS modules:

And also:

  • The touch-action property from Pointer Events Level 2, 2019-04-04
  • :dir() pseudo-class from Selectors Level 4, 2022-11-11
  • Accessibility related media features from Media Queries Level 5 including prefers-reduced-motion, prefers-reduced-transparency, prefers-contrast and forced-colors.
  • light-dark() color function from Color Module Level 5, 2024-02-29

Running tests

composer install --prefer-dist
composer test

Adding properties

CSS specifications typically contain a summary of value grammars in the property index section. These value grammars map directly to PHP code.

Component value types

Syntax          css-sanitizer code
foo             new KeywordMatcher( 'foo' )
foo | bar       new KeywordMatcher( [ 'foo', 'bar' ] )
<string>        $matcherFactory->string()
<url>           $matcherFactory->url()
<integer>       $matcherFactory->integer()
<number>        $matcherFactory->number()
<ratio>         $matcherFactory->ratio()
<percentage>    $matcherFactory->percentage()
<length>        $matcherFactory->length()
<frequency>     $matcherFactory->frequency()
<angle>         $matcherFactory->angle()
<time>          $matcherFactory->time()
<resolution>    $matcherFactory->resolution()

Component value combinators

Syntax      css-sanitizer code
a b         new Juxtaposition( [ a, b ] )
a && b      UnorderedGroup::allOf( [ a, b ] )
a || b      UnorderedGroup::someOf( [ a, b ] )
a | b       new Alternative( [ a, b ] )

Component value multipliers

Syntax      css-sanitizer code
a*          Quantifier::star( a )
a+          Quantifier::plus( a )
a?          Quantifier::optional( a )
a{3,4}      Quantifier::count( a, 3, 4 )
a#          Quantifier::hash( a )
a!          new NonEmpty( a )
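
The mapping above applied to one complete grammar, as an added example that is not part of the project's README: it allow-lists a hypothetical property x-inset with the grammar auto | [ <length> | <percentage> ]{1,4} and shows that values outside the grammar, including a url() reference, are dropped. The Wikimedia\CSS\Grammar namespace, MatcherFactory::singleton(), StylePropertySanitizer::addKnownProperties(), Parser::parseDeclaration() and clearSanitizationErrors() are assumed from the library's source and do not appear on this page; the sample declarations are constructed.

```php
<?php
// Added example, not from the css-sanitizer README.
// Assumes the package is installed with Composer in the current directory.
require __DIR__ . '/vendor/autoload.php';

use Wikimedia\CSS\Grammar\Alternative;
use Wikimedia\CSS\Grammar\KeywordMatcher;
use Wikimedia\CSS\Grammar\MatcherFactory;
use Wikimedia\CSS\Grammar\Quantifier;
use Wikimedia\CSS\Parser\Parser;
use Wikimedia\CSS\Sanitizer\StylePropertySanitizer;

$matcherFactory = MatcherFactory::singleton();

// Grammar: auto | [ <length> | <percentage> ]{1,4}
// No <url> or <string> component, so the property cannot carry a reference.
$grammar = new Alternative( [
    new KeywordMatcher( 'auto' ),
    Quantifier::count(
        new Alternative( [
            $matcherFactory->length(),
            $matcherFactory->percentage(),
        ] ),
        1, 4
    ),
] );

// 'x-inset' is a hypothetical property name used only for this example.
$sanitizer = new StylePropertySanitizer( $matcherFactory );
$sanitizer->addKnownProperties( [ 'x-inset' => $grammar ] );

// Constructed sample input: two conforming values, two that must be dropped.
$samples = [
    'x-inset: auto',
    'x-inset: 1px 10%',
    'x-inset: url(https://example.org/a.png)',
    'x-inset: 1px 2px 3px 4px 5px',
];

foreach ( $samples as $css ) {
    $decl = Parser::newFromString( $css )->parseDeclaration();
    $clean = $decl ? $sanitizer->sanitize( $decl ) : null;
    echo $css, ' => ', $clean === null ? 'rejected' : "kept: $clean", "\n";
    foreach ( $sanitizer->getSanitizationErrors() as list( $code, $line, $pos ) ) {
        echo "  sanitization error: $code at line $line character $pos\n";
    }
    $sanitizer->clearSanitizationErrors();
}
```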

Releasing a new version

This package uses wikimedia/update-history and its conventions.

See https://www.mediawiki.org/wiki/UpdateHistory for details.

History

We required a CSS sanitizer with several properties:

  • Strict parsing according to modern standards.
  • Includes line and character position for all errors.
  • Configurable to limit unsafe constructs such as external URL references.
  • Errors are easily localizable.

We could not find a library that fit these requirements, so we created one.

Additional release history is in HISTORY.md.


The Versions

06/04 2017

v1.0.0

1.0.0.0 https://www.mediawiki.org/wiki/Css-sanitizer

Apache-2.0

by Brad Jorsch