1

what would it take to allow media queries through HTMLPurifier + CSStidy?

In other words, I am using these libraries:

require_once 'inc_php_classes/htmlpurifier-4_4_0/library/HTMLPurifier.auto.php';
require_once 'inc_php_classes/csstidy-1_3/class.csstidy.php';

...to sanitize admin-user input before I save it to database.. for populating an external style sheet ... and so it happens that any input media queries are getting munged.. e.g. this:

@media only screen and (min-width: 600px) and (max-width: 939px) {

becomes

@media only screen and min-width 600px and max-width 939px {

..which breaks the media query, at least in Chrome 18/Mac.

The form/input is used for creating custom style sheets for trusted admin users.. and they need media queries.. but even though they are trusted, I do not want to just drop use of CSStidy.. because of the off chance an admin goes AWOL, not to mention I want to clean their newbie CSS errors.

govinda
  • 1,683
  • 5
  • 20
  • 34

1 Answers1

1

Not sure, it's definitely not supported by vanilla HTML Purifier. It is reasonably plausible that CSSTidy does parse media selectors properly, so it's just a matter of teaching HTML Purifire not to strip them out.

Edward Z. Yang
  • 26,325
  • 16
  • 80
  • 110
  • Thanks Edward. This gets me started with a vague clue.. but if you could give me any more hints about *how* to teach HTML Purifier to not strip out those parenthesis and colons (the rest of the media query seems to remain untouched), then I would be grateful. I mean to do the work here.. just that HTML Purifier is bigger and more complicated than I can easily wrap my head around. Just need some more clues as I go. – govinda May 10 '12 at 19:30
  • 1
    Check library/HTMLPurifier/Filter/ExtractStyleBlocks.php, and you need to understand the format of the 'css' property of a CSS Tidy object. – Edward Z. Yang May 10 '12 at 23:17
  • hmmm. I am smart, but tired this week from pushing work, and less skilled than the code in library/HTMLPurifier/Filter/ExtractStyleBlocks.php. Not that I couldn't work through it and figure everything out.. but on account of time constraint and the amount of layering/detail, I would need some more documentation to make progress here, for this current project anyway. Thanks Edward for at least the sound bytes.. it gives a clue and is a lot nicer than anonymous silence. In case anyone can flesh out the picture more, please do. – govinda May 11 '12 at 01:58