From cd2d36e8ef51a22524bf410cd70817b38f93f459 Mon Sep 17 00:00:00 2001
From: Aevann
Date: Sat, 18 Feb 2023 21:49:11 +0200
Subject: [PATCH] disallow comments in css

---
 files/helpers/sanitize.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py
index 443d3d847..68bbf58bf 100644
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@@ -621,6 +621,9 @@ def validate_css(css):
 	if '@import' in css:
 		return False, "@import statements are not allowed!"
 
+	if '/**/' in css:
+		return False, "Comments are not allowed!"
+
 	for i in css_url_regex.finditer(css):
 		url = i.group(1)
 		if not is_safe_url(url):
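Review bot: The new check in validate_css matches only the literal empty comment `/**/`, so a comment with any content between the delimiters (`/* x */`) still passes, even though the subject says comments are disallowed and the rejection message says the same. Since the surrounding checks are plain substring tests (`'@import' in css` just above, the url regex below), a non-empty comment is just as able to sit between the characters those tests look for, so the guard should reject the comment opener rather than one exact form: `if '/*' in css:` with the same return. A short comment would help the next reader, e.g. `# Reject any comment opener: comments can split tokens the substring checks below rely on`. validate_css begins before this hunk, so I have not seen whether css is normalised earlier in the function.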