Fix issue 1052: Properly parse the style attribute during sanitization
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2376 eee81c28-f429-11dd-99c0-75d572ba1dddmaster
parent
bc84fac91b
commit
936d9cc362
|
@ -8,8 +8,9 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// Dependencies:
|
// Dependencies:
|
||||||
// 1) browser.js
|
// 1) jQuery
|
||||||
// 2) svgutils.js
|
// 2) browser.js
|
||||||
|
// 3) svgutils.js
|
||||||
|
|
||||||
var svgedit = svgedit || {};
|
var svgedit = svgedit || {};
|
||||||
|
|
||||||
|
@ -199,9 +200,11 @@ svgedit.sanitize.sanitizeSvg = function(node) {
|
||||||
p = props.length;
|
p = props.length;
|
||||||
while(p--) {
|
while(p--) {
|
||||||
var nv = props[p].split(":");
|
var nv = props[p].split(":");
|
||||||
|
var attrname = $.trim(nv[0]);
|
||||||
|
var attrval = $.trim(nv[1]);
|
||||||
// now check that this attribute is supported
|
// now check that this attribute is supported
|
||||||
if (allowedAttrs.indexOf(nv[0]) >= 0) {
|
if (allowedAttrs.indexOf(attrname) >= 0) {
|
||||||
node.setAttribute(nv[0],nv[1]);
|
node.setAttribute(attrname, attrval);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
node.removeAttribute('style');
|
node.removeAttribute('style');
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
<iframe src='draw_test.html' width='100%' height='70' scrolling='no'></iframe>
|
<iframe src='draw_test.html' width='100%' height='70' scrolling='no'></iframe>
|
||||||
<iframe src='units_test.html' width='100%' height='70' scrolling='no'></iframe>
|
<iframe src='units_test.html' width='100%' height='70' scrolling='no'></iframe>
|
||||||
<iframe src='path_test.html' width='100%' height='70' scrolling='no'></iframe>
|
<iframe src='path_test.html' width='100%' height='70' scrolling='no'></iframe>
|
||||||
|
<iframe src='sanitize_test.html' width='100%' height='70' scrolling='no'></iframe>
|
||||||
</body>
|
</body>
|
||||||
<script>
|
<script>
|
||||||
window.setTimeout(function() {
|
window.setTimeout(function() {
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<link rel='stylesheet' href='qunit/qunit.css' type='text/css'/>
|
||||||
|
<script type='text/javascript' src='../editor/jquery.js'></script>
|
||||||
|
<script type='text/javascript' src='../editor/browser.js'></script>
|
||||||
|
<script type='text/javascript' src='../editor/svgutils.js'></script>
|
||||||
|
<script type='text/javascript' src='../editor/sanitize.js'></script>
|
||||||
|
<script type='text/javascript' src='qunit/qunit.js'></script>
|
||||||
|
<script type='text/javascript'>
|
||||||
|
$(function() {
|
||||||
|
// log function
|
||||||
|
QUnit.log = function(result, message) {
|
||||||
|
if (window.console && window.console.log) {
|
||||||
|
window.console.log(result +' :: '+ message);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
var svgns = 'http://www.w3.org/2000/svg';
|
||||||
|
var svg = document.createElementNS(svgns, 'svg');
|
||||||
|
|
||||||
|
test('Test sanitizeSvg() strips ws from style attr', function() {
|
||||||
|
expect(2);
|
||||||
|
|
||||||
|
var rect = document.createElementNS(svgns, 'rect');
|
||||||
|
rect.setAttribute('style', 'stroke: blue ; stroke-width : 40;');
|
||||||
|
// sanitizeSvg() requires the node to have a parent and a document.
|
||||||
|
svg.appendChild(rect);
|
||||||
|
svgedit.sanitize.sanitizeSvg(rect);
|
||||||
|
|
||||||
|
equals(rect.getAttribute('stroke'), 'blue');
|
||||||
|
equals(rect.getAttribute('stroke-width'), '40');
|
||||||
|
});
|
||||||
|
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<h1 id='qunit-header'>Unit Tests for sanitize.js</h1>
|
||||||
|
<h2 id='qunit-banner'></h2>
|
||||||
|
<h2 id='qunit-userAgent'></h2>
|
||||||
|
<ol id='qunit-tests'>
|
||||||
|
</ol>
|
||||||
|
<div id='anchor' style='visibility:hidden'>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
Loading…
Reference in New Issue