From 9726a63c3303087145c8e3cba9182c76cbd861a3 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 15 Nov 2020 11:01:05 +0000
Subject: [PATCH] Extra checks on css

---
 content.py | 22 ++++++++++++++++++++++
 theme.py | 18 +-----------------
 2 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/content.py b/content.py
index 532668ffe..de178b9dd 100644
--- a/content.py
+++ b/content.py
@@ -181,6 +181,28 @@ def dangerousMarkup(content: str) -> bool:
     return False
 
 
+def dangerousCSS(filename: str) -> bool:
+    """Returns true is the css file contains code which
+    can create security problems
+    """
+    if not os.path.isfile(filename):
+        return False
+
+    with open(filename, 'r') as fp:
+        content = fp.read()
+
+    cssMatches = ('behavior:', ':expression', '?php')
+    for match in cssMatches:
+        if match in content:
+            return True
+
+    # an attacker can include html inside of the css
+    # file as a comment and this may then be run from the html
+    if dangerousMarkup(content):
+        return True
+    return False
+
+
 def switchWords(baseDir: str, nickname: str, domain: str,
                 content: str) -> str:
     """Performs word replacements. eg. Trump -> The Orange Menace
diff --git a/theme.py b/theme.py
index b62ed54bc..cef871e14 100644
--- a/theme.py
+++ b/theme.py
@@ -10,23 +10,7 @@ import os
 from utils import loadJson
 from utils import saveJson
 from shutil import copyfile
-
-
-def dangerousCSS(filename: str) -> bool:
-    """Returns true is the css file contains code which
-    can create security problems
-    """
-    if not os.path.isfile(filename):
-        return False
-
-    with open(filename, 'r') as fp:
-        css = fp.read()
-
-    cssMatches = ('behavior')
-    for match in cssMatches:
-        if match in css:
-            return True
-    return False
+from content import dangerousCSS
 
 
 def getThemeFiles() -> []:
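Review bot: The substring test over `cssMatches` in the new `dangerousCSS` is case-sensitive, but CSS property names and the legacy `expression()` function are matched case-insensitively by browsers, so a file spelling them `BEHAVIOR:` or `:Expression` passes the check unchanged; normalising once with `content = fp.read().lower()` (the patterns are already lower-case) closes that gap without touching the rest of the loop. `open(filename, 'r')` also decodes with the locale encoding, so a theme file containing non-UTF-8 bytes makes the function raise `UnicodeDecodeError` instead of returning a verdict; `open(filename, 'r', encoding='utf-8', errors='replace')` keeps the result deterministic and still exposes the ASCII patterns being searched for. The docstring's "Returns true is the css file" should read "Returns true if the css file". The body assumes `os` is already imported in content.py, which this hunk does not show.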