Bug-ish: Custom CSS using fonts with the word 'script' in

jodie
jodie

Howdy, adding a font-family to the custom CSS with the word 'script' in e.g. 'Dancing Script'  - causes a 'HTML not allowed' type message.

Comments

  • ragnarhawk
    Posts: 168

    Yeah, this is, at this time, a "feature".  OP does not like the letters "s c r i p t" anywhere in the CSS, including in selectors for its own classes.

    There are workarounds for the selectors, but I don't know of any for fonts.

    Hopefully if enough people speak up a fix will be moved up the priority list, but I know that they are concerned about accidentally allowing malicious scripting to be introduced.

  • thaen
    thaen
    Posts: 1,064

    @ragnarhawk has it.  I don't have a good answer on how to get around it for this scenario though.

    No promises on a fix, but @jodie, can you post a snippet of css that has the font-family in it so I can make sure I'm playing around with the right scenario?

    Obsidian Portal Developer

  • gastoff
    gastoff
    Posts: 136

    I could see this issue cropping up most often when dealing with fonts. The number of fonts that include the word "script" is remarkable. Almost as prevalent as "serif".

    image

  • ragnarhawk
    Posts: 168

    @thaen, if you could also figure out how to white list "description" in selectors, that would resolve the problems with class and ID selectors

    As you mentioned above, I realize "No promises", but it would be nice

  • thaen
    thaen
    Posts: 1,064

    @gastoff, great point!

    @ragnarhawk, also a great point.  Can you post an example of something that "should" work but doesn't, so I can make sure I'm solving the problem you want solved?

    Yeah if we can get 90% of cases handled with these specific tightly controlled exceptions, that'd be awesome.

    Obsidian Portal Developer

  • jodie
    jodie
    Posts: 82

    Yeah, fully understand that security trumps conveience any day. And it's not a priority I just found similar fonts with different names.



    image

    .handWrittenNote {

     font-family: 'Dancing Script', cursive;

    }

  • ragnarhawk
    Posts: 168 edited April 2021

    Hi @thaen,

    This is the css that I suggested that someone use:

     body.character-show .main-content .bio, body.character-show .tagline+div .content {background-color:#F5F5F510;}

    because this:

    body.character-show .main-content .bio, body.character-show .description .content {background-color:#F5F5F510;}

    is rejected for having "script" in it

    Post edited by ragnarhawk on
  • thaen
    thaen
    Posts: 1,064

    @jodie, @ragnarhawk, thanks for these!  Those are great specific examples!

    Obsidian Portal Developer

  • thaen
    thaen
    Posts: 1,064

    @jodie, @ragnarhawk, @gastoff,

    The word "description" (upper or lower case) should now work anywhere in the Custom CSS.

    And font-family declarations should now work with names of fonts that have "Script" in them.  The format needs to be like this for the "script" word to be allowed:

    font-family: 'Dancing Script'

    Let me know if you see any issues!

    Obsidian Portal Developer

Sign In or Register to comment.

March 2024
Wrath of the Highborn

Read the feature post on the blog
Return to Obsidian Portal

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Discussions