Parse and validate a safe subset of CSS

cssfilter.py extracted from reddit’s source code.

This library allows you to filter “unsafe” CSS out of stylesheets submitted by your users.

This library requires attribution!

When using this library, reddit requires you to put the following information in the splash or the “about” section of your application.

EXHIBIT B. Attribution Information

Attribution Copyright Notice: Copyright (c) 2006-2015 reddit Inc. All Rights Reserved.

Attribution Phrase (not exceeding 10 words): Powered by reddit

Attribution URL: http://code.reddit.com

Graphic Image as provided in the Covered Code: http://code.reddit.com/reddit_logo.png

Info

Parse and validate a safe subset of CSS.

The goal of this validation is not to ensure functionally correct stylesheets but rather to ensure that the stylesheet is safe to show to downstream users. A safe stylesheet must not allow:

  • requests to third-party hosts (information leak)

  • XSS via strange syntax in buggy browsers

Beyond that, every effort is made to allow the full gamut of modern CSS.

How to use

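from reddit_cssfilter import cssfilter
# Returns the re-serialized stylesheet and a list of errors (empty means valid).
serialized, errors = cssfilter.validate_css(stylesheet, images)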

Validate and re-serialize the user submitted stylesheet.

images is a mapping of subreddit image names to their URLs. The re-serialized stylesheet will have %%name%% tokens replaced with their appropriate URLs.

The return value is a two-tuple of the re-serialized (and minified) stylesheet and a list of errors. If the list is empty, the stylesheet is valid.
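A caller-side check that goes with the contract above, as an added example (not code from reddit-cssfilter): it fails closed on any reported error, then re-checks the returned stylesheet for url() or @import references that are not in the images mapping. The names publish_stylesheet and third_party_references and the sample hosts are assumptions; validate is passed in so the block runs without the package installed, and in real use it would be cssfilter.validate_css.

```python
import re

_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)", re.S)
_URL = re.compile(r'''url\(\s*(?:"([^"]*)"|'([^']*)'|([^)]*))\s*\)''', re.I)

def _decode_escapes(css):
    """Decode CSS backslash escapes so an escaped spelling of url( is still seen."""
    def repl(m):
        if m.group(1) is None:
            return m.group(2)
        cp = int(m.group(1), 16)
        return chr(cp) if 0 < cp <= 0x10FFFF else "\ufffd"
    return _ESCAPE.sub(repl, css)

def third_party_references(css, images):
    """List url()/@import references in css that are not a mapped image URL.

    Covers url() and @import only. The decoded copy is for scanning, never served.
    """
    scan = _decode_escapes(css)
    allowed = set(images.values())
    found = ["@import"] if re.search(r"@import\b", scan, re.I) else []
    for m in _URL.finditer(scan):
        target = next(g for g in m.groups() if g is not None).strip()
        if target not in allowed:
            found.append(target)
    return found

def publish_stylesheet(stylesheet, images, validate):
    """Return (css, errors); css is None unless validation and the re-check pass.

    validate is any callable shaped like validate_css(stylesheet, images).
    """
    serialized, errors = validate(stylesheet, images)
    errors = [str(e) for e in errors]
    if not errors:
        errors = ["unexpected reference: " + ref
                  for ref in third_party_references(serialized, images)]
    return (None, errors) if errors else (serialized, [])

if __name__ == "__main__":
    # Constructed sample; passthrough stands in for cssfilter.validate_css.
    images = {"header": "https://img.example.invalid/header.png"}
    passthrough = lambda css, imgs: (css, [])
    print(publish_stylesheet(r"a{background:u\72l(//other.example.invalid/x.png)}",
                             images, passthrough))
```

The re-check is deliberately conservative: a false positive blocks a stylesheet, which is the safe direction for content shown to other users.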

Licence

Copyright (c) 2006-2015 reddit Inc. All Rights Reserved.

Common Public Attribution License Version 1.0 (CPAL)

The full license is available here: reddit Inc. Common Public Attribution License Version 1.0 (CPAL).

Source distribution: reddit-cssfilter-1.2.tar.gz (7.7 kB)