Defect #38073 » 38073.patch
| lib/redmine/wiki_formatting/common_mark/sanitization_filter.rb | ||
|---|---|---|
| 29 | 29 | |
| 30 | 30 |
ALLOWED_CSS_PROPERTIES = %w[ |
| 31 | 31 |
color background-color |
| 32 |
width |
|
| 33 |
height |
|
| 32 |
width min-width max-width
|
|
| 33 |
height min-height max-height
|
|
| 34 | 34 |
padding padding-left padding-right padding-top padding-bottom |
| 35 | 35 |
margin margin-left margin-right margin-top margin-bottom |
| 36 | 36 |
border border-left border-right border-top border-bottom border-radius border-style border-collapse border-spacing |
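Review bot: The two replaced entries widen the `style` allowlist with no comment explaining why the `min-*`/`max-*` variants are safe to admit, and this list is a security boundary for user-authored wiki HTML. As far as the visible lines show, the list is keyed on property names only, so any checking of values happens outside this hunk. Sizing properties take lengths and keywords rather than `url()`, which suggests the exposure is no wider than the `width` and `height` already allowed. I would record that reasoning above the two lines, e.g. `# Sizing properties only: nothing here fetches a resource or repositions the element.` The `%w[` literal closes below the hunk, so the rest of the list is not reviewed here.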
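--- a/test/unit/lib/redmine/wiki_formatting/common_mark/sanitization_filter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/common_mark/sanitization_filter_test.rb
@@ -97,6 +97,10 @@
 '<span style="color: #333; background: url(\'https://example.com/evil.svg\')">hello</span>"',
 '<span style="color: #333; ">hello</span>"'
 ],
+[
+'<img src="photo.jpg" style="min-width: 100px; max-width: 200px; min-height: 100px; max-height: 200px;">',
+'<img src="photo.jpg" style="min-width: 100px; max-width: 200px; min-height: 100px; max-height: 200px;">'
+],
 [
 '<b>Lo<!-- comment -->rem</b> <a href="pants" title="foo" style="text-decoration: underline;">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br/>amet <style>.foo { color: #fff; }</style> <script>alert("hello world");</script>',
 '<b>Lorem</b> <a href="pants" title="foo">ipsum</a> <a href="http://foo.com/"><strong>dolor</strong></a> sit<br>amet .foo { color: #fff; } '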
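Review bot: The added pair only exercises the accept path, with input and expected output identical, so it would still pass if the filter stopped filtering `style` on `<img>` altogether. A companion pair would pin the allowlist boundary for the new entries by mixing a new property with one the filter is already shown to drop, such as `style="max-width: 200px; background: url('https://example.com/evil.svg')"`. It should expect only the `max-width` declaration to survive. The enclosing array of input/expected pairs starts and ends outside the hunk, so an equivalent case may already exist elsewhere in the file.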