muchl / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
0 stars 0 forks source link

"*" - a star in front of css - classes or css - id elements #97

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
If I parse CSS like this

<style type="text/css">
#main {
  display: none;
}

I get the following result:

<style type="text/css">*#main {
    display: none;
}

The star will not be included if I put an html tag to the ID-Element or 
Class-Element like this

<style type="text/css">
div#main {
  display: none;
}

Then everything works fine. 

I still figured out that the batik-css-parser set the DefaultElementSelector 
which return a "*" in the toString() - method if no localName was set. But 
don't know why.

Original issue reported on code.google.com by nmaas...@googlemail.com on 14 Dec 2010 at 10:16

GoogleCodeExporter commented 8 years ago

Original comment by arshan.d...@gmail.com on 15 Dec 2010 at 10:32

GoogleCodeExporter commented 8 years ago
I'm not sure what the request is here. The output of the parser is well formed 
CSS for a selector based on the W3C CSS Spec:
"A simple selector is either a type selector or universal selector followed 
immediately by zero or more attribute selectors, ID selectors, or 
pseudo-classes, in any order. The simple selector matches if all of its 
components match."

From a behavior perspective, whether the universal selector (*)is there or not, 
the stylesheet should perform the same.

Aside from simply getting back unmodified CSS if there is nothing malicious, is 
there another use case that this behavior breaks?

We can consider changing the serialization of the cleaned CSS, but unless the 
use case is compelling, this will likely be a very low priority.

Original comment by li.jaso...@gmail.com on 16 Dec 2010 at 12:54

GoogleCodeExporter commented 8 years ago
Thats right, that's theoretical the same. But I as know the IE6 and IE7 have 
their own interpration of the star selector. Therefor it would be better in my 
opinion if the input of the author wouldn't be changed if it is not neccessary. 
As I know the star selector isn't mandatory.

Original comment by nmaas...@googlemail.com on 16 Dec 2010 at 7:56

GoogleCodeExporter commented 8 years ago
I understand. We will try to address this at some point in a future release.

Original comment by li.jaso...@gmail.com on 16 Dec 2010 at 8:03