prevent use of `url()` in injected styles

This commit is contained in:
gorhill 2016-07-18 15:43:03 -04:00
parent cdabab7da5
commit 41b20cac3f
1 changed files with 3 additions and 2 deletions

View File

@ -755,8 +755,9 @@ FilterContainer.prototype.isValidSelector = (function() {
} }
var reHasSelector = /^(.+?):has\((.+?)\)$/; var reHasSelector = /^(.+?):has\((.+?)\)$/;
var reStyleSelector = /^(.+?):style\((.+?)\)$/;
var reXpathSelector = /^:xpath\((.+?)\)$/; var reXpathSelector = /^:xpath\((.+?)\)$/;
var reStyleSelector = /^(.+?):style\((.+?)\)$/;
var reStyleBad = /url\([^)]+\)/;
// Keep in mind: https://github.com/gorhill/uBlock/issues/693 // Keep in mind: https://github.com/gorhill/uBlock/issues/693
var isValidCSSSelector = function(s) { var isValidCSSSelector = function(s) {
@ -793,7 +794,7 @@ FilterContainer.prototype.isValidSelector = (function() {
// `:style` selector? // `:style` selector?
matches = reStyleSelector.exec(s); matches = reStyleSelector.exec(s);
if ( matches !== null ) { if ( matches !== null ) {
return isValidCSSSelector(matches[1]); return isValidCSSSelector(matches[1]) && reStyleBad.test(matches[2]) === false;
} }
// Special `script:` filter? // Special `script:` filter?
if ( s.startsWith('script') ) { if ( s.startsWith('script') ) {