[Owasp-antisamy] What does ShorthandList mean in the config files?

Jason Li jason.li at owasp.org
Wed Dec 23 23:08:36 EST 2009


Dan,

You're on the right track with regards to how the shorthand list
works. The point of the shorthand list is essentially to refer to
other property "data types" that can make up the current property.

In the case of a property like background, it's made up of
background-color, background-image, background-repeat,
background-attachment and background-position "data types"

In the case of the 'margin' property, it's made up of a margin width
"data type", which is a positive length or a positive percentage.
These margin widths happen to *represent* the top, right, bottom and
left margins respectively.  But the "data type" for margin-top,
margin-right, margin-bottom and margin-left is a margin width. The
margin width is precisely the "data type"  that is defined in the
margin property.

So the shorthand list is not the semantic meaning of the property,
it's what data types are valid for the property. It's a subtle
distinction so I can see how you got confused.

Another good example of nested properties like this is the border
property. The border property consists of a border color, style and
width and happens to specify the all four borders. As a result, list
of valid values for a border property are any color (by regexp),
border-style datatype (by shorthand), and border-width datatype (by
shorthand). The same is true for border-top, border-left,
border-bottom and border-right.

These relationships are taken from the CSS specification and this
table from that spec might help visualize it better:
http://www.w3.org/TR/CSS21/propidx.html

Hopefully that clears things up - if not, feel free to ask more
questions to the list.

-Jason

On Wed, Dec 23, 2009 at 3:00 PM, Dan Rabe <dan.rabe at oracle.com> wrote:
> Could someone please give me a brief explanation of how shorthand-list works
> in the xml config files?
>
> I see one usage that makes sense to me: background. You can use background
> as a shorthand for setting several other background- properties:
>
> <property name="background" description="The 'background' property is a
> shorthand property for setting the individual background properties (i.e.,
> 'background-color', 'background-image', 'background-repeat',
> 'background-attachment' and 'background-position') at the same place in the
> style sheet.">
>     <literal-list>
>         <literal value="inherit"/>
>     </literal-list>
>     <shorthand-list>
>         <shorthand name="background-color"/>
>         <shorthand name="background-image"/>
>         <shorthand name="background-repeat"/>
>         <shorthand name="background-attachment"/>
>         <shorthand name="background-position"/>
>
>     </shorthand-list>
> </property>
>
> However, there are some other usages that don't make sense. For example,
> margin can be used as a shorthand for setting margin-top, margin-right,
> margin-bottom, and margin-left. But what I see in antisamy.xml is this:
> <property name="margin" description="">
>     <category-list>
>         <category value="visual"/>
>     </category-list>
>     <literal-list>
>         <literal value="inherit"/>
>         <literal value="auto"/>
>     </literal-list>
>     <regexp-list>
>         <regexp name="positiveLength"/>
>         <regexp name="positivePercentage"/>
>     </regexp-list>
> </property>
> <property name="margin-top" default="0" description="">
>     <category-list>
>         <category value="visual"/>
>     </category-list>
>     <literal-list>
>         <literal value="inherit"/>
>     </literal-list>
>     <shorthand-list>
>         <shorthand name="margin"/>
>     </shorthand-list>
> </property>
>
> This seems backwards to me. Shouldn't margin contain a shorthand-list for
> margin-top, margin-right, margin-bottom, margin-left?
>
> BTW, I'm looking at antisamy.xsd from the trunk, SVN revision 137.
>
> Thanks,
> --Dan
>
>
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
>
>


More information about the Owasp-antisamy mailing list