Feature #2416
closed
{background:color} doesn't work in text formatting
Added by Chaoqun Zou almost 16 years ago.
Updated over 3 years ago.
Description
table{border:1px bordercolor:darkblue}.
|_.1|_.2|_.3|_.4|
|a|b|{background:#ddd}.c|d|
|e|f|g|{background:#ddd}. Grey cell|
should looks like the table below, but in the current devel version(r2202 tested), the background color cann't be displayed.
| 1 |
2 |
3 |
4 |
| a |
b |
c |
d |
| e |
f |
g |
Grey cell |
- Status changed from New to Resolved
- Resolution set to Wont fix
I'm not familiar with XSS. And does the code below still looks like a vulnerability?
[...]
Yes. It looks like. Example stripped and fix committed in r2212.
- Status changed from Resolved to Closed
I have found a textile reference that says:
Developers can easily include Textile in any web application that accepts user input for display on web pages. Textile supports UTF-8 input, and produces valid XHTML. A “Restricted” mode is available for processing input from untrusted users, where invalid input and XSS attacks are a risk.
Maybe you would like to have a look at: http://thresholdstate.com/articles/4312/the-textile-reference-manual
- Tracker changed from Defect to Feature
- Subject changed from {background:color} doesn't work in the textile field of wiki or issue page to {background:color} doesn't work in text formatting
- Category changed from Wiki to Text formatting
- Assignee set to Jean-Philippe Lang
- Target version set to 1.4.0
- Resolution changed from Wont fix to Fixed
The following white list of styles is now allowed in text formatting (r8860): color, width, height, border, background, padding, margin, font, text and their variations (eg. border-left, ...). Malformed styles are filetered as well.
table{background:#afa}.
|_.1|_.2|
|{background:red; color:white}. Red cell|d|
|g|{background:#ddd}. Grey cell|
Displays:
| 1 |
2 |
| Red cell |
d |
| g |
Grey cell |
the FAQ points there but it's not working for me.
steps
- create a wiki
- paste the table example
table{background:#afa}. |_.1|_.2| |{background:red; color:white}. Red cell|d| |g|{background:#ddd}. Grey cell
is seen on the the wiki
I noticed that there must be an empty line before your table markup to get it work.
- Related to Feature #22425: Allow "style" tag in Redcarpet Markdown formatter added
- Related to Defect #37237: Common Markdown Formatter does not render all properties on HTML elements added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by