prevent use of `url()` in injected styles

This commit is contained in:
gorhill 2016-07-18 15:43:03 -04:00
parent cdabab7da5
commit 41b20cac3f
1 changed files with 3 additions and 2 deletions

View File

@ -755,8 +755,9 @@ FilterContainer.prototype.isValidSelector = (function() {
}
var reHasSelector = /^(.+?):has\((.+?)\)$/;
var reStyleSelector = /^(.+?):style\((.+?)\)$/;
var reXpathSelector = /^:xpath\((.+?)\)$/;
var reStyleSelector = /^(.+?):style\((.+?)\)$/;
var reStyleBad = /url\([^)]+\)/;
// Keep in mind: https://github.com/gorhill/uBlock/issues/693
var isValidCSSSelector = function(s) {
@ -793,7 +794,7 @@ FilterContainer.prototype.isValidSelector = (function() {
// `:style` selector?
matches = reStyleSelector.exec(s);
if ( matches !== null ) {
return isValidCSSSelector(matches[1]);
return isValidCSSSelector(matches[1]) && reStyleBad.test(matches[2]) === false;
}
// Special `script:` filter?
if ( s.startsWith('script') ) {