diff options
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/asciidoctor.rb | 5 | ||||
| -rw-r--r-- | lib/asciidoctor/backends/html5.rb | 2 | ||||
| -rw-r--r-- | lib/asciidoctor/document.rb | 11 |
3 files changed, 12 insertions, 6 deletions
diff --git a/lib/asciidoctor.rb b/lib/asciidoctor.rb index 63169603..2f3408a4 100755 --- a/lib/asciidoctor.rb +++ b/lib/asciidoctor.rb @@ -875,8 +875,9 @@ module Asciidoctor end # NOTE document cannot control this behavior if safe >= SafeMode::SERVER - if !stream_output && doc.attr?('basebackend-html') && doc.attr?('copycss') && - doc.attr?('linkcss') && DEFAULT_STYLESHEET_KEYS.include?(doc.attr('stylesheet')) + if !stream_output && doc.safe < SafeMode::SECURE && doc.attr?('basebackend-html') && + doc.attr?('copycss') && doc.attr?('linkcss') && + DEFAULT_STYLESHEET_KEYS.include?(doc.attr('stylesheet')) Helpers.require_library 'fileutils' outdir = doc.attr('outdir') stylesdir = doc.normalize_system_path(doc.attr('stylesdir'), outdir, diff --git a/lib/asciidoctor/backends/html5.rb b/lib/asciidoctor/backends/html5.rb index 3d1afaed..888af3ea 100644 --- a/lib/asciidoctor/backends/html5.rb +++ b/lib/asciidoctor/backends/html5.rb @@ -72,7 +72,7 @@ if DEFAULT_STYLESHEET_KEYS.include?(attr 'stylesheet') </style><% end elsif attr? :stylesheet - if attr? 'linkcss' %> + if @safe >= SafeMode::SECURE || (attr? 'linkcss') %> <link rel="stylesheet" href="<%= normalize_web_path((attr :stylesheet), (attr :stylesdir, '')) %>"><% else %> <style> diff --git a/lib/asciidoctor/document.rb b/lib/asciidoctor/document.rb index 10439587..f44da735 100644 --- a/lib/asciidoctor/document.rb +++ b/lib/asciidoctor/document.rb @@ -145,7 +145,6 @@ class Document < AbstractBlock @attributes['notitle'] = '' unless @options[:header_footer] @attributes['toc-placement'] = 'auto' @attributes['stylesheet'] = '' - @attributes['linkcss'] = '' # language strings # TODO load these based on language settings @@ -207,7 +206,7 @@ class Document < AbstractBlock end if @safe >= SafeMode::SERVER - # restrict document from setting linkcss, copycss, source-highlighter and backend + # restrict document from setting copycss, source-highlighter and backend @attribute_overrides['copycss'] ||= nil @attribute_overrides['source-highlighter'] ||= nil @attribute_overrides['backend'] ||= DEFAULT_BACKEND @@ -217,7 +216,7 @@ class Document < AbstractBlock end @attribute_overrides['docdir'] = '' if @safe >= SafeMode::SECURE - # assign linkcss (preventing css embedding) unless disabled from the commandline + # assign linkcss (preventing css embedding) unless explicitly disabled from the commandline or API unless @attribute_overrides.fetch('linkcss', '').nil? || @attribute_overrides.has_key?('linkcss!') @attribute_overrides['linkcss'] = '' end @@ -247,6 +246,12 @@ class Document < AbstractBlock verdict } + # special case like this can be removed once + # we move to a data table for attribute storage + #if @attributes['linkcss'].nil? + # @attributes.delete('linkcss') + #end + @attributes['backend'] ||= DEFAULT_BACKEND @attributes['doctype'] ||= DEFAULT_DOCTYPE update_backend_attributes |