OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Support for CSS3 functions #71

Open sakhan19822 opened 8 years ago

sakhan19822 commented 8 years ago

Support CSS3 functions: functions like translate and rotate are removed from the HTML styling. These assist in the presentation of information to the end user.

sneha-patil-synacor commented 5 years ago

HtmlPolicyBuilder.allowStyling works for the style attribute and not for the style tag. Can CSS3 functions exist in inline style attributes? https://stackoverflow.com/questions/9808233/is-it-possible-to-put-css-media-rules-inline

Just trying to understand purpose of this ticket.

mikesamuel commented 5 years ago

@sneha-patil-synacor Is your question related to this project or is it about CSS in general?

sneha-patil-synacor commented 5 years ago

CSS3 in general. CSS3 functions are not allowed in inline style attributes (that's what I understand from the stackoverflow link above). Then what is the purpose of this ticket?

mikesamuel commented 5 years ago

@sneha-patil-synacor This project is not related to the W3 CSS specification.

https://github.com/w3c/csswg-drafts is the place for bugs with CSS specifications.

Some CSS functions are allowed in style attributes. For example: rgba(...).

<div style="color: rgba(0, 0, 0)"></div>

Per CSS terminology, @media is not a function. It's called an "at rule" and is defined at CSS3/mediaqueries.

The content of a style attribute is a "declaration list" which can have an at rule.
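The distinction above (a CSS function such as rgba(...) versus an at rule such as @media, both inside a style attribute's declaration list) is easiest to see by running candidate markup through the sanitizer and diffing input against output. The following harness is an added example, not code from this thread or from the java-html-sanitizer project; it assumes the library's public `org.owasp.html.HtmlPolicyBuilder` and `PolicyFactory` classes on the classpath, and the sample inputs are constructed for illustration. It does not hard-code expected output, because what survives depends on the library version's CSS schema; the comments state only what the thread itself reports.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class StyleAttributeCheck {

    // Policy permitting <div> with a style attribute, filtered through the
    // sanitizer's default CSS schema (allowStyling() with no arguments).
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("div")
            .allowStyling()
            .toFactory();

    // Runs untrusted markup through the policy so callers can compare
    // what was submitted with what the sanitizer is willing to emit.
    public static String sanitize(String untrustedHtml) {
        return POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed inputs, one per kind of CSS construct discussed in the thread.
        String[] samples = {
            // A plain CSS function: the thread states rgba(...) is accepted.
            "<div style=\"color: rgba(0, 0, 0)\">function rgba</div>",
            // CSS3 transform functions: the reporter says these are stripped.
            "<div style=\"transform: translate(10px, 20px) rotate(45deg)\">transform functions</div>",
            // An at rule inside a declaration list: reported as removed as well.
            "<div style=\"@media screen { color: red }\">at rule</div>",
        };
        for (String html : samples) {
            System.out.println("in:  " + html);
            System.out.println("out: " + sanitize(html));
            System.out.println();
        }
    }
}
```

Running this before enabling allowStyling() in production gives a version-specific record of which declarations the default schema keeps, which is the check to repeat after every library upgrade rather than relying on a description of the schema.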

sneha-patil-synacor commented 5 years ago

Thanks for the clarification @mikesamuel. With the current library, the at rule @media in a style attribute gets removed by the sanitizer. Does it pose any security issue? If not, is there any open ticket to support it?

mikesamuel commented 5 years ago

@sneha-patil-synacor I believe there is neither a ticket for embedded at rules nor one for allowing media rules.