disallow comments in css

2023-02-18 21:49:11 +02:00 · 2023-02-18 21:49:11 +02:00 · cd2d36e8ef
parent 44914cd166
commit cd2d36e8ef
1 changed files with 3 additions and 0 deletions
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@ -621,6 +621,9 @@ def validate_css(css):
 	if '@import' in css:
 		return False, "@import statements are not allowed!"

+	if '/**/' in css:
+		return False, "Comments are not allowed!"
+
 	for i in css_url_regex.finditer(css):
 		url = i.group(1)
 		if not is_safe_url(url):