Skip to content

Commit

Permalink
Add var css function name to safestyle allowlist.
Browse files Browse the repository at this point in the history 
https://developer.mozilla.org/en-US/docs/Web/CSS/var()

Note that safestyle doesn't currently allow nested function calls in the args list.
RELNOTES: Add `var` css function name to safestyle allowlist.
PiperOrigin-RevId: 385539515
Change-Id: If05e81d6bc6bff516960a41b1530869ae75913ae
  • Loading branch information
Closure Team authored and Copybara-Service committed Jul 19, 2021
1 parent 5231a0b commit 1ba2249
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
1 change: 1 addition & 0 deletions closure/goog/html/safestyle.js
View file
Expand Up @@ -534,6 +534,7 @@ const ALLOWED_FUNCTIONS = [
'rgb',
'rgba',
'(rotate|scale|translate)(X|Y|Z|3d)?',
'var',
];


Expand Down
9 changes: 9 additions & 0 deletions closure/goog/html/safestyle_test.js
View file
Expand Up @@ -176,6 +176,15 @@ testSuite({
{'transform': 'translateX(5px)'});
},

testCreate_allowsVar() {
assertCreateEquals(
'color:var(--xyz);', // expected
{'color': 'var(--xyz)'});
assertCreateEquals(
'color:var(--xyz, black);', // expected
{'color': 'var(--xyz, black)'});
},

testCreate_allowsSafeUrl() {
assertCreateEquals('background:url("http://example.com");', {
'background': SafeUrl.fromConstant(Const.from('http://example.com')),
Expand Down

0 comments on commit 1ba2249

Please sign in to comment.