Check for dangerous css

main
Bob Mottram 2020-11-15 10:33:11 +00:00
parent f12b52165a
commit a7972ffba0
1 changed files with 19 additions and 1 deletions


@ -12,6 +12,23 @@ from utils import saveJson
from shutil import copyfile from shutil import copyfile
def dangerousCSS(filename: str) -> bool:
"""Returns true is the css file contains code which
can create security problems
"""
if not os.path.isfile(filename):
return False
with open(filename, 'r') as fp:
css = fp.read()
cssMatches = ('behavior')
for match in cssMatches:
if match in css:
return True
return False
def getThemeFiles() -> []: def getThemeFiles() -> []:
return ('epicyon.css', 'login.css', 'follow.css', return ('epicyon.css', 'login.css', 'follow.css',
'suspended.css', 'calendar.css', 'blog.css', 'suspended.css', 'calendar.css', 'blog.css',
@ -186,7 +203,8 @@ def setThemeFromDict(baseDir: str, name: str,
templateFilename = \ templateFilename = \
baseDir + '/theme/' + name + '/epicyon-profile.css' baseDir + '/theme/' + name + '/epicyon-profile.css'
if not os.path.isfile(templateFilename): if dangerousCSS(templateFilename) or \
not os.path.isfile(templateFilename):
# use default css # use default css
templateFilename = baseDir + '/epicyon-' + filename templateFilename = baseDir + '/epicyon-' + filename
if filename == 'epicyon.css': if filename == 'epicyon.css':
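Review bot: In `dangerousCSS`, `cssMatches = ('behavior')` is a plain string, not a one-element tuple, so the loop iterates over single characters (b, e, h, …) and returns True for any stylesheet containing one of those letters. With the changed condition in `setThemeFromDict` (whose body starts and ends outside the second hunk), that would appear to make every theme template fall back to the default css, which hides whether the check works at all. Writing `cssMatches = ('behavior',)` fixes the match list. The comparison is also case-sensitive while CSS property names are not, so `css = fp.read().lower()` would stop an upper- or mixed-case spelling from passing the check. A single-keyword blocklist is a thin control on its own, so the docstring should state what the check covers and what it does not.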