Mercurial > p > roundup > code
view website/wiki/static/roundup/css/common.css @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can bei turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | 86c38b5aed66 |
| children |
line wrap: on
line source
/* common.css - MoinMoin Default Styles Copyright (c) 2001, 2002, 2003 by Juergen Hermann */ /* content styles */ /* links */ a.nonexistent, a.badinterwiki {color: #404040;} a.www:before {content: url(../img/moin-www.png); margin: 0 0.2em;} a.http:before {content: url(../img/moin-www.png); margin: 0 0.2em;} a.https:before {content: url(../img/moin-www.png); margin: 0 0.2em;} a.file:before {content: url(../img/moin-ftp.png); margin: 0 0.2em;} a.ftp:before {content: url(../img/moin-ftp.png); margin: 0 0.2em;} a.nntp:before {content: url(../img/moin-news.png); margin: 0 0.2em;} a.news:before {content: url(../img/moin-news.png); margin: 0 0.2em;} a.telnet:before, a.ssh:before {content: url(../img/moin-telnet.png); margin: 0 0.2em;} a.irc:before, a.ircs:before {content: url(../img/moin-telnet.png); margin: 0 0.2em;} a.mailto:before {content: url(../img/moin-email.png); margin: 0 0.2em;} a.attachment:before {content: url(../img/moin-attach.png); margin: 0 0.2em;} a.badinterwiki:before {content: url(../img/moin-inter.png); margin: 0 0.2em;} a.interwiki:before {content: url(../img/moin-inter.png); margin: 0 0.2em;} /* Headings */ li p { margin: .25em 0; } li.gap { margin-top: 0.5em; } a, img, img.drawing { border: 0; } dt { font-weight: bold; } pre { padding: 0.5em; font-family: courier, monospace; border: 1pt solid #dadada; background: #f5f5f5; white-space: pre; /* begin css 3 or browser specific rules - do not remove! see: http://forums.techguy.org/archive/index.php/t-249849.html */ white-space: pre-wrap; word-wrap: break-word; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; /* end css 3 or browser specific rules */ } pre.comment { background-color: #CCCCCC; color: red; padding: 0; margin: 0; border: 0; } pre.comment:before { content: url(../img/attention.png); } /* .comment css definition must be top of .red/.green/.blue or it won't work */ .comment { color: #555555; background-color: #DDDDFF; } .red { background-color: #FFCCCC; } .green { background-color: #CCFFCC; } .blue { background-color: #CCCCFF; } .yellow { background-color: #FFF29F; } .orange { background-color: #FFD59B; } .solid { border: 2px solid #000000; padding: 2px; } .dashed { border: 2px dashed #000000; padding: 2px; } .dotted { border: 2px dotted #000000; padding: 2px; } .left { text-align: left; } .center { text-align: center; } .right { text-align: right; } .justify { text-align: justify; } table { margin: 0.5em 0 0 0.5em; border-collapse: collapse; } th, td { padding: 0.25em 0.5em 0.25em 0.5em; border: 1px solid tan; } td p { margin: 0; padding: 0; } #pagebottom {clear: both;} /* standard rule ---- */ hr { height: 1px; background-color: #c0c0c0; border: none; } /* custom rules ----- to ---------- */ .hr1 {height: 2px;} .hr2 {height: 3px;} .hr3 {height: 4px;} .hr4 {height: 5px;} .hr5 {height: 6px;} .hr6 {height: 7px;} /* Replacement for deprecated html 3 <u> element and html 4 <strike> */ .u {text-decoration: underline;} .strike {text-decoration: line-through;} /* TableOfContents macro */ div.table-of-contents { border: 1px solid #bbbbbb; color: black; background-color: #eeeeee; font-size: 80%; text-align: left; margin: 0.5em 0 0.5em 1em; padding: 0.5em 0.75em 0.5em 0.5em; max-width: 50%; display: inline-table; } div.table-of-contents ol { margin: 0; padding: 0 0 0 2em; } div.table-of-contents ul { margin: 0; list-style:none; } div.table-of-contents li { margin:0; padding: 0; } p.table-of-contents-heading { font-weight:bold; padding:0; margin: 0 0 0.5em 0; letter-spacing: 0.075em; } /* Navigation macro */ table.navigation { background: #fff; margin: 0; } .footnotes ol { padding: 0 2em; margin: 0 0 1em; } .footnotes li { list-style: none; } .info { float: right; font-size: 0.7em; color: gray; } #pageinfo { margin-top: 2em; } /* eye catchers */ .warning { color: red; } .error { color: red; } strong.highlight { background-color: #ffcc99; padding: 1pt; } #credits img { vertical-align: middle; } /* Recent changes */ .recentchanges p { margin: 0.25em; } .recentchanges td { vertical-align: top; border: none; border-bottom: 1pt solid #F0ECE6; background: #F7F6F2; } .rcdaybreak td { background: tan; border: none; } .rcdaybreak td a { font-size: 0.88em; } .rcicon1, .rcicon2 { text-align: center; } .rcpagelink { width: 33%; } .rctime { font-size: 0.88em; white-space: nowrap; } .rceditor { white-space: nowrap; font-size: 0.88em; } .rccomment { width: 50%; color: gray; font-size: 0.88em; } .rcrss { float: right; } .recentchanges[dir="rtl"] .rcrss { float: left; } /* User Preferences */ .userpref table, .userpref td { border: none; } /* CSS for new code_area markup used by Colorizer and ParserBase */ div.codearea { /* the div makes the border */ margin: 0.5em 0; padding: 0; border: 1pt solid #AEBDCC; background-color: #F3F5F7; color: black; } div.codearea pre { /* the pre has no border and is inside the div */ margin: 0; padding: 10pt; border: none; } a.codenumbers { /* format of the line numbering link */ margin: 0 10pt; font-size: 0.85em; color: gray; } /* format of certain syntax spans */ div.codearea pre span.LineNumber {color: gray;} div.codearea pre span.ID {color: #000000;} div.codearea pre span.Operator {color: #0000C0;} div.codearea pre span.Char {color: #004080;} div.codearea pre span.Comment {color: #008000;} div.codearea pre span.Number {color: #0080C0;} div.codearea pre span.String {color: #004080;} div.codearea pre span.SPChar {color: #0000C0;} div.codearea pre span.ResWord {color: #A00000;} div.codearea pre span.ConsWord {color: #008080; font-weight: bold;} div.codearea pre span.Error {color: #FF8080; border: solid 1.5pt #FF0000;} div.codearea pre span.ResWord2 {color: #0080ff; font-weight: bold;} div.codearea pre span.Special {color: #0000ff;} div.codearea pre span.Preprc {color: #803999;} /* for diff parser */ div.codearea pre span.DiffAdded {color: #4876FF;} div.codearea pre span.DiffRemoved {color: #FF0000;} div.codearea pre span.DiffChanged {color: #FF7F50;} div.codearea pre span.DiffSeparator {color: #228B22; font-weight: bold} /* MonthCalendar css */ /* days without and with pages linked to them */ a.cal-emptyday { color: #777777; text-align: center; } a.cal-usedday { color: #000000; font-weight: bold; text-align: center; } /* general stuff: workdays, weekend, today */ td.cal-workday { background-color: #DDDDFF; text-align: center; } td.cal-weekend { background-color: #FFDDDD; text-align: center; } td.cal-today { background-color: #CCFFCC; border-style: solid; border-width: 2pt; text-align: center; } /* invalid places on the monthly calendar sheet */ td.cal-invalidday { background-color: #CCCCCC; } /* links to prev/next month/year */ a.cal-link { color: #000000; text-decoration: none; } th.cal-header { background-color: #DDBBFF; text-align: center; } /* for MonthCalendar mouseover info boxes */ TABLE.tip { color: black; background-color: #FF8888; font-size: small; font-weight: normal; border-style: solid; border-width: 1px; } TH.tip { background-color: #FF4444; font-weight: bold; text-align: center; } TD.tip { text-align: left; } *[dir="rtl"] TD.tip { text-align: right; } /* end MonthCalendar stuff */ #message .hint {font-style: italic;} #message .info { float: none; font-size: 1em; color: black; } #message .info:before {content: url('../img/icon-info.png'); margin: 0 0.2em;} #message .warning:before {content: url('../img/alert.png'); margin: 0 0.2em;} #message .error:before {content: url('../img/icon-error.png'); margin: 0 0.2em;}