Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New methods for excluding elements with specific missing or empty attributes #45

Open
wants to merge 30 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
73b68bc
+Added HtmlPolicyBuilder methods for excluding elements with specific…
Oct 9, 2015
e75d980
Reverted changes
Oct 9, 2015
ea02e71
added methods for excluding elements with specific empty or missing a…
Oct 9, 2015
2537933
Added TestCase for disallowWithoutAttribute()
Nov 9, 2015
e6dd2ea
s/master/main/ for default branch
mikesamuel Jun 15, 2020
f3f56d4
Release candidate 20200615.1
mikesamuel Jun 15, 2020
fd6b2dd
Bumped dev version
mikesamuel Jun 15, 2020
eb6ef02
Do not lcase element or attribute names that match SVG or MathML name…
mikesamuel Jul 13, 2020
25c3d64
Release candidate 20200713.1
mikesamuel Jul 13, 2020
ffe5cfa
Bumped dev version
mikesamuel Jul 13, 2020
c7db2d4
we use spotbugs now instead of findbugs
mikesamuel Jul 13, 2020
ca40697
s/master/main/ in doc URLs
mikesamuel Jul 13, 2020
af0ca83
Bump junit from 4.12 to 4.13.1 in /parent (#215)
dependabot[bot] Dec 7, 2020
acaf3f2
hsl and hsla (#216)
aakritisi Dec 9, 2020
33d319f
Fix code formatting lint checks (#217)
mikesamuel Dec 14, 2020
020d5d0
Fixed allowAtributes("style").globally() (#218)
aakritisi Dec 21, 2020
ad287c3
Upgrade to a modern guava dependency
mikesamuel May 13, 2021
be33ec6
Render style tag content more strictly.
mikesamuel Oct 18, 2021
374ea2f
Release candidate 20211018.1
mikesamuel Oct 18, 2021
7d76ba9
Bumped dev version
mikesamuel Oct 18, 2021
e2b29e8
Update vulnerabilities.md
mikesamuel Oct 18, 2021
14f84fd
Recognize that `<style>` is not really workable inside `<select>`
mikesamuel Oct 18, 2021
62a0715
Release candidate 20211018.2
mikesamuel Oct 18, 2021
06b299c
Bumped dev version
mikesamuel Oct 18, 2021
5372c74
Decode attribute content differently from text node content (#255)
mikesamuel Jun 8, 2022
c2c74fc
Fix missing null checks in uses of consumeIdentOrUrlOrFunctions (#266)
mikesamuel Jun 8, 2022
e35ef4f
Release candidate 20220608.1
mikesamuel Jun 8, 2022
3756979
Bumped dev version
mikesamuel Jun 8, 2022
0372f4f
Merge branch 'OWASP:master' into master
forum-is Nov 29, 2022
ccb4c18
Merge remote-tracking branch 'upstream/main'
forum-is Jan 5, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# OWASP Java HTML Sanitizer

[<img src="https://travis-ci.org/OWASP/java-html-sanitizer.svg">](https://travis-ci.org/OWASP/java-html-sanitizer) [![Coverage Status](https://coveralls.io/repos/github/OWASP/java-html-sanitizer/badge.svg?branch=master)](https://coveralls.io/github/OWASP/java-html-sanitizer?branch=master) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2602/badge)](https://bestpractices.coreinfrastructure.org/projects/2602) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/badge.png?style=plastic)](https://search.maven.org/artifact/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer)
[<img src="https://travis-ci.org/OWASP/java-html-sanitizer.svg">](https://travis-ci.org/OWASP/java-html-sanitizer) [![Coverage Status](https://coveralls.io/repos/github/OWASP/java-html-sanitizer/badge.svg?branch=main)](https://coveralls.io/github/OWASP/java-html-sanitizer?branch=main) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2602/badge)](https://bestpractices.coreinfrastructure.org/projects/2602) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/badge.png?style=plastic)](https://search.maven.org/artifact/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer)


A fast and easy to configure HTML Sanitizer written in Java which lets
Expand Down Expand Up @@ -35,7 +35,7 @@ how to get started with or without Maven.
## Prepackaged Policies

You can use
[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/Sanitizers.html):
[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/Sanitizers.html):

```Java
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
Expand All @@ -45,9 +45,9 @@ String safeHTML = policy.sanitize(untrustedHTML);
## Crafting a policy

The
[tests](https://github.com/OWASP/java-html-sanitizer/blob/master/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java)
[tests](https://github.com/OWASP/java-html-sanitizer/blob/main/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java)
show how to configure your own
[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/HtmlPolicyBuilder.html):
[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlPolicyBuilder.html):

```Java
PolicyFactory policy = new HtmlPolicyBuilder()
Expand All @@ -62,7 +62,7 @@ String safeHTML = policy.sanitize(untrustedHTML);
## Custom Policies

You can write
[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/ElementPolicy.html)
[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/ElementPolicy.html)
to do things like changing `h1`s to `div`s with a certain class:

```Java
Expand All @@ -85,7 +85,7 @@ need to be explicitly whitelisted using the `allowWithoutAttributes()`
method if you want them to be allowed through the filter when these
elements do not include any attributes.

[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks.
[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks.

```Java
new HtmlPolicyBuilder = new HtmlPolicyBuilder()
Expand Down Expand Up @@ -153,7 +153,7 @@ of the output.

## Telemetry

When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/HtmlChangeListener.html).
When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlChangeListener.html).

You can use this to keep track of policy violation trends and find out when someone
is making an effort to breach your security.
Expand Down Expand Up @@ -187,7 +187,7 @@ used HTML parsers will agree on the meaning of, but the absence of
notifications does not mean that the input is in such a sub-set,
only that it does not contain elements or attributes that were removed.

See ["Why sanitize when you can validate"](https://github.com/OWASP/java-html-sanitizer/blob/master/docs/html-validation.md) for more on this topic.
See ["Why sanitize when you can validate"](https://github.com/OWASP/java-html-sanitizer/blob/main/docs/html-validation.md) for more on this topic.

## Questions?

Expand All @@ -206,7 +206,7 @@ We welcome [issue reports](https://github.com/OWASP/java-html-sanitizer/issues)
PRs that change behavior or that add functionality should include both positive and
[negative tests](https://www.guru99.com/negative-testing.html).

Please be aware that contributions fall under the [Apache 2.0 License](https://github.com/OWASP/java-html-sanitizer/blob/master/COPYING).
Please be aware that contributions fall under the [Apache 2.0 License](https://github.com/OWASP/java-html-sanitizer/blob/main/COPYING).

## Credits

Expand Down
4 changes: 2 additions & 2 deletions RELEASE-checklist.sh
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f aggregate
echo
echo Browse to
echo "file://$PWD/target/site"
echo and check the findbugs and jacoco reports.
echo and check the spotbugs and jacoco reports.

echo
echo Check https://central.sonatype.org/pages/apache-maven.html#nexus-staging-maven-plugin-for-deployment-and-release
Expand Down Expand Up @@ -92,7 +92,7 @@ find . -name pom.xml \

git commit -am "Bumped dev version"

git push origin master --tags
git push origin main --tags

# Now Release
echo '1. Go to oss.sonatype.org'
Expand Down
4 changes: 2 additions & 2 deletions aggregate/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,12 @@
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>aggregate</artifactId>
<packaging>pom</packaging>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>
<parent>
<relativePath>../parent</relativePath>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>parent</artifactId>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>
</parent>

<modules>
Expand Down
29 changes: 23 additions & 6 deletions change_log.md
Original file line number Diff line number Diff line change
@@ -1,13 +1,30 @@
# OWASP Java HTML Sanitizer Change Log

Additional detail can be found at https://github.com/OWASP/java-html-sanitizer/releases
.

Most recent at top.
* Release 20220608.1
* Fix bugs in CSS tokenization
* Fix deocding of HTML character references that lack semicolons
like `&para` in HTML attribute values that affected
URL query parameters.
* Release 20211018.2
* Changes how we avoid problems with special tags inside &lt;select&gt; elements. We recommend using this version over v20211018.1.
* Tweak how we address CVE-2021-42575 to be more tailored and to
interfere less with `<style>` element content in general. We
still advise not allowing attacker controlled `<style>` content.
* Release 20211018.1
* This release fixes a vulnerability as tracked by CVE-2021-42575
* Fix [CVE-2021-42575](https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/edit#)
* Changes rendering of `<style>` elements by wrapping text content
in HTML comments and CDATA section tags so that even when
content is not treated as CDATA, it will not be treated as
active content.
* Release 20200713.1
* Improves SVG and MathML support.
* Do not lower-case SVG/MathML names.
This shouldn't cause problems since it was hard to write policies for
SBG, but be aware that SVG's `<textArea>` is now distinct from HTML's `<textarea>`.
* Release 20200615.1
* Change `.and` when combining two policies to respect explicit `skipIfEmpty` decisions.
* HTML entity decoding now follows HTML standard rules about when a semicolon is optional.
[Fixes #193](https://github.com/OWASP/java-html-sanitizer/issues/193)
* Fix table formatting [#137](https://github.com/OWASP/java-html-sanitizer/issues/137)
* Release 20191001.1
* Package as an OSGI bundle
* Release 20190610.1
Expand Down
1 change: 1 addition & 0 deletions docs/credits.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* rfamilya
* robinhouston
* sneha patil
* tomanthony
* vytah
* willikins_bear
* yangbongsoo
Expand Down
5 changes: 5 additions & 0 deletions docs/cve202142575.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# CVE-2021-42575

Policies that allow `<style>` tags inside `<option>` elements are vulnerable to RCE

See https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/edit?usp=sharing for mitigations.
12 changes: 6 additions & 6 deletions docs/getting_started.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,23 +23,23 @@ to one of your project's `.java` files and compile it.
## Using the APIs

The
[examples](https://github.com/OWASP/java-html-sanitizer/tree/master/src/main/java/org/owasp/html/examples)
[examples](https://github.com/OWASP/java-html-sanitizer/tree/main/src/main/java/org/owasp/html/examples)
include source code which defines a sanitization policy, and applies
it to HTML.

The
[javadoc](http://javadoc.io/doc/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/)
covers more detailed topics, including
[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/HtmlPolicyBuilder.html).
[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlPolicyBuilder.html).

Important classes are:

* [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
* [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.
* [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
* [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.

For advanced use, see:
* [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization.
* [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.
* [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization.
* [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.

## Asking Questions

Expand Down
2 changes: 1 addition & 1 deletion docs/maven.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Bigger numbers are more recent and the [change log](../change_log.md)
can shed light on the salient differences.

You should be able to build with the HTML sanitizer. You can read the
[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20191001.1/index.html),
[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/index.html),
and if you have questions that aren't answered by these wiki pages,
you can ask on the
[mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support).
Expand Down
3 changes: 2 additions & 1 deletion docs/vulnerabilities.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# Known & public vulnerabilities in this project
# Known & public vulnerabilities in this project

* [CVE-2021-42575](cve202142575.md) - 18 Oct. 2021 - Recommend upgrade to v20211018.1 or later.
* [CVE-2011-4457](cve20114457.md) - 17 Nov. 2011 - Recommend upgrade to r88 or later.
4 changes: 2 additions & 2 deletions empiricism/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>html-types</artifactId>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>
<packaging>jar</packaging>
<parent>
<relativePath>../parent</relativePath>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>parent</artifactId>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>
</parent>

<name>empiricism</name>
Expand Down
4 changes: 2 additions & 2 deletions html-types/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>html-types</artifactId>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>
<packaging>bundle</packaging>
<parent>
<relativePath>../parent</relativePath>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>parent</artifactId>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>
</parent>

<name>OWASP Java HTML Sanitizer Safe HTML Compatibility</name>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
* This class is safe when the policy factories passed to it are safe.
* <a href="https://github.com/mikesamuel/fences-maven-enforcer-rule">Fences</a>
* can be used to control access to {@link SafeHtmlMint#fromPolicyFactory}
* as needed, and <a href="https://github.com/mikesamuel/fences-maven-enforcer-rule/blob/master/src/site/markdown/caveats.md">the plausible deniability</a>
* as needed, and <a href="https://github.com/mikesamuel/fences-maven-enforcer-rule/blob/main/src/site/markdown/caveats.md">the plausible deniability</a>
* standard can be extended to writing policies that white-list known-unsafe
* content.
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@

/**
* Wraps HTML policy builders to produce
* <a href="https://github.com/google/safe-html-types/blob/master/doc/safehtml-types.md">Safe HTML</a>.
* <a href="https://github.com/google/safe-html-types/blob/main/doc/safehtml-types.md">Safe HTML</a>.
* <p>
* @see <a href="https://github.com/OWASP/java-html-sanitizer/blob/master/docs/credits.md">usage</a>
* @see <a href="https://github.com/OWASP/java-html-sanitizer/blob/main/docs/credits.md">usage</a>
* @author Mike Samuel ([email protected])
*/
@javax.annotation.ParametersAreNonnullByDefault
Expand Down
6 changes: 3 additions & 3 deletions parent/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>parent</artifactId>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>

<packaging>pom</packaging>

Expand Down Expand Up @@ -88,7 +88,7 @@ application while protecting against XSS.
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<guava.version>27.1-jre</guava.version>
<guava.version>30.1-jre</guava.version>
</properties>

<build>
Expand Down Expand Up @@ -265,7 +265,7 @@ application while protecting against XSS.
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<version>4.13.1</version>
<scope>test</scope>
</dependency>
</dependencies>
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<relativePath>parent</relativePath>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>parent</artifactId>
<version>20191001.2-SNAPSHOT</version>
<version>20220608.2-SNAPSHOT</version>
</parent>

<name>OWASP Java HTML Sanitizer</name>
Expand Down
11 changes: 9 additions & 2 deletions src/main/java/org/owasp/html/CssSchema.java
Original file line number Diff line number Diff line change
Expand Up @@ -293,7 +293,9 @@ Property forKey(String propertyName) {
ImmutableSet<String> mozOutlineLiterals3 = ImmutableSet.of(
"hidden", "inherit", "inset", "invert", "medium", "none");
ImmutableMap<String, String> mozOutlineFunctions =
ImmutableMap.<String, String>of("rgb(", "rgb()", "rgba(", "rgba()");
ImmutableMap.<String, String>of(
"rgb(", "rgb()", "rgba(", "rgba()",
"hsl(", "hsl()", "hsla(", "hsla()");
ImmutableSet<String> mozOutlineColorLiterals0 =
ImmutableSet.of("inherit", "invert");
ImmutableSet<String> mozOutlineStyleLiterals0 =
Expand Down Expand Up @@ -324,6 +326,7 @@ Property forKey(String propertyName) {
.put("repeating-linear-gradient(", "repeating-linear-gradient()")
.put("repeating-radial-gradient(", "repeating-radial-gradient()")
.put("rgb(", "rgb()").put("rgba(", "rgba()")
.put("hsl(", "hsl()").put("hsla(", "hsla()")
.build();
ImmutableSet<String> backgroundAttachmentLiterals0 =
ImmutableSet.of(",", "fixed", "local", "scroll");
Expand Down Expand Up @@ -742,6 +745,9 @@ Property forKey(String propertyName) {
builder.put("zoom", new Property(1, fontStretchLiterals1, zeroFns));
Property rgb$Fun = new Property(1, rgb$FunLiterals0, zeroFns);
builder.put("rgb()", rgb$Fun);
builder.put("rgba()", rgb$Fun);
builder.put("hsl()", rgb$Fun);
builder.put("hsla()", rgb$Fun);
@SuppressWarnings("unchecked")
Property image$Fun = new Property(
18, union(mozOutlineLiterals0, rgb$FunLiterals0), mozOutlineFunctions);
Expand Down Expand Up @@ -835,7 +841,6 @@ Property forKey(String propertyName) {
builder.put("width", margin);
builder.put("word-spacing", letterSpacing);
builder.put("z-index", bottom);
builder.put("rgba()", rgb$Fun);
builder.put("repeating-linear-gradient()", linearGradient$Fun);
builder.put("repeating-radial-gradient()", radialGradient$Fun);
DEFINITIONS = builder.build();
Expand Down Expand Up @@ -961,6 +966,8 @@ private static <T> ImmutableSet<T> union(
"repeating-radial-gradient()",
"rgb()",
"rgba()",
"hsl()",
"hsla()",
"richness",
"speak",
"speak-header",
Expand Down
Loading