Feature #2416
Closed
{background:color} doesn't work in text formatting
Description
table{border:1px bordercolor:darkblue}.
|_.1|_.2|_.3|_.4|
|a|b|{background:#ddd}.c|d|
|e|f|g|{background:#ddd}. Grey cell|
should look like the table below, but in the current devel version (r2202 tested), the background color can't be displayed.
1 | 2 | 3 | 4 |
---|---|---|---|
a | b | c | d |
e | f | g | Grey cell |
Updated by Jean-Philippe Lang almost 16 years ago
- Status changed from New to Resolved
- Resolution set to Wont fix
Textile inline styles were disabled in r2192 for security reasons.
If you really need this feature and don't fear XSS attacks, then have a look at:
source:/trunk/lib/redmine/wiki_formatting/textile/formatter.rb@2192#L33
Updated by Chaoqun Zou almost 16 years ago
I'm not familiar with XSS. And does the code below still look like a vulnerability?
[...]
Updated by Jean-Philippe Lang almost 16 years ago
Yes. It looks like it. Example stripped and fix committed in r2212.
Updated by Jean-Philippe Lang almost 16 years ago
- Status changed from Resolved to Closed
Updated by Chaoqun Zou almost 16 years ago
I have found a textile reference that says:
Developers can easily include Textile in any web application that accepts user input for display on web pages. Textile supports UTF-8 input, and produces valid XHTML. A “Restricted” mode is available for processing input from untrusted users, where invalid input and XSS attacks are a risk.
Maybe you would like to have a look at: http://thresholdstate.com/articles/4312/the-textile-reference-manual
Updated by Jean-Philippe Lang almost 13 years ago
- Tracker changed from Defect to Feature
- Subject changed from {background:color} doesn't work in the textile field of wiki or issue page to {background:color} doesn't work in text formatting
- Category changed from Wiki to Text formatting
- Assignee set to Jean-Philippe Lang
- Target version set to 1.4.0
- Resolution changed from Wont fix to Fixed
The following white list of styles is now allowed in text formatting (r8860): color, width, height, border, background, padding, margin, font, text and their variations (eg. border-left, ...). Malformed styles are filtered as well.
table{background:#afa}.
|_.1|_.2|
|{background:red; color:white}. Red cell|d|
|g|{background:#ddd}. Grey cell|
Displays:
1 | 2 |
---|---|
Red cell | d |
g | Grey cell |
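A sketch of the kind of allow-list filtering described in the comment above, as an added example: this is not Redmine's code from r8860, and the names `ALLOWED_STYLE_PROPERTIES` and `sanitize_style` as well as the accepted value grammar are assumptions made for illustration.

```ruby
# Added example; NOT Redmine's implementation. All names are hypothetical.
# Base property names taken from the white list quoted on this page.
ALLOWED_STYLE_PROPERTIES =
  %w[color width height border background padding margin font text].freeze

# An allowed base name plus optional "-suffix" parts (border-left, text-align).
# \A and \z anchor the whole string, so an embedded newline cannot slip past.
PROPERTY_RE = /\A(?:#{ALLOWED_STYLE_PROPERTIES.join('|')})(?:-[a-z]+)*\z/i

# Assumed value grammar: numbers with an optional unit, hex colours, or bare
# keywords. Parentheses, quotes, colons and backslashes never match, so
# function-style values such as url(...) are treated as malformed.
VALUE_TOKEN_RE =
  /\A(?:\d+(?:\.\d+)?(?:%|px|em|pt)?|#(?:\h{3}|\h{6})|[a-z][a-z-]*)\z/i

# Returns only the declarations that pass both checks, re-serialised in a
# normal form. Anything unrecognised is dropped rather than repaired.
def sanitize_style(style)
  kept = style.to_s.split(';').map do |decl|
    prop, value = decl.split(':', 2).map(&:strip)
    next if prop.nil? || value.nil? || value.empty?
    next unless prop.match?(PROPERTY_RE)

    tokens = value.split(/\s+/)
    next unless tokens.all? { |t| t.match?(VALUE_TOKEN_RE) }

    "#{prop.downcase}:#{tokens.join(' ')}"
  end
  kept.compact.join(';')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs; the first three are the style strings used on this page.
  [
    'background:red; color:white',
    'background:#ddd',
    'border:1px bordercolor:darkblue',
    'border-left:1px solid #ddd; position:absolute',
    'background:url(x)'
  ].each { |s| puts "#{s.inspect} => #{sanitize_style(s).inspect}" }
end
```

Under this grammar the style from the original report, `border:1px bordercolor:darkblue`, is dropped entirely because the missing semicolon makes it a single malformed declaration.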
Updated by Keats . over 12 years ago
the FAQ points there but it's not working for me.
steps:
- create a wiki
- paste the table example
table{background:#afa}. |_.1|_.2| |{background:red; color:white}. Red cell|d| |g|{background:#ddd}. Grey cell
is seen on the wiki
Updated by Ivan Samygin almost 11 years ago
I noticed that there must be an empty line before your table markup to get it to work.
Updated by Go MAEDA over 6 years ago
- Related to Feature #22425: Allow "style" tag in Redcarpet Markdown formatter added
Updated by Mischa The Evil about 2 years ago
- Related to Defect #37237: Common Markdown Formatter does not render all properties on HTML elements added