Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize CSS #70

Closed
jhillyerd opened this issue Dec 30, 2017 · 3 comments
Closed

Sanitize CSS #70

jhillyerd opened this issue Dec 30, 2017 · 3 comments
Assignees
@jhillyerd
Labels
done feature
Milestone
v1.3.0

Comments

@jhillyerd
Copy link
Collaborator

jhillyerd commented Dec 30, 2017
edited

The initial HTML sanitizer implementation in #5 will remove all CSS. Ideally we should filter CSS in HTML emails, allowing a safe subset to be rendered.
@jhillyerd jhillyerd added this to the v1.3.x milestone Dec 30, 2017
@jhillyerd jhillyerd mentioned this issue Dec 30, 2017
Open
4 tasks
@jhillyerd
Copy link
Collaborator Author

CSS tokenizer: http://www.gorillatoolkit.org/pkg/css/scanner

Parser: https://github.com/napsy/go-css

@jhillyerd jhillyerd self-assigned this Jan 7, 2018
@jhillyerd
Copy link
Collaborator Author

bluemonday does not appear to have any sort of extension facility, so this is blocked on one of:

microcosm-cc/bluemonday#43
microcosm-cc/bluemonday#48
microcosm-cc/bluemonday#58

@jhillyerd
Copy link
Collaborator Author

Ended up implementing my own on top of the Go HTML tokenizer. This means emails get tokenized twice, but it's better than nothing!

@jhillyerd jhillyerd added done and removed blocked labels Feb 28, 2018
@jhillyerd jhillyerd modified the milestones: v1.3.x, v1.3.0, v1.2.1 Feb 28, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jhillyerd jhillyerd

Labels
done feature
Projects
None yet
Milestone
v1.3.0
Development

No branches or pull requests
1 participant
@jhillyerd