Vote #64354: {background:color} doesn't work in text formatting - redmineorg-copy202205 - Redmine

編集操作

リンクをコピー

Vote #64354

完了

{background:color} doesn't work in text formatting

Admin Redmine さんが3年以上前に追加. 3年以上前に更新.

ステータス:

Closed

優先度:

通常

担当者:

カテゴリ:

Text formatting_26

対象バージョン:

1.4.0_40

開始日:

2008/12/30

期日:

進捗率:

予定工数:

Redmineorg_URL:

https://www.redmine.org/issues/2416

category_id:

version_id:

issue_org_id:

2416

author_id:

460

assigned_to_id:

comments:

status_id:

tracker_id:

plus1:

affected_version:

closed_on:

affected_version_id:

ステータス-->[Closed]

引用

説明

table{border:1px bordercolor:darkblue}.
|_.1|_.2|_.3|_.4|
|a|b|{background:#ddd}.c|d|
|e|f|g|{background:#ddd}. Grey cell|

should looks like the table below, but in the current devel version(r2202 tested), the background color cann't be displayed.

table{border:1px bordercolor:darkblue}.
|.1|.2|.3|.4|
|a|b|{background:#ddd}.c|d|
|e|f|g|{background:#ddd}. Grey cell|

journals

Textile inline styles were disabled in r2192 for security reasons.

If you really need this feature and don't fear XSS attacks, then have a look at:
source:/trunk/lib/redmine/wiki_formatting/textile/formatter.rb@2192#L33
--------------------------------------------------------------------------------
I'm not familiar with XSS. And does the code below still looks like a vulnerability?

[...]
--------------------------------------------------------------------------------
Yes. It looks like. Example stripped and fix committed in r2212.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
I have found a textile reference that says:

Developers can easily include Textile in any web application that accepts user input for display on web pages. Textile supports UTF-8 input, and produces valid XHTML. A “Restricted” mode is available for processing input from untrusted users, where invalid input and XSS attacks are a risk.

Maybe you would like to have a look at: http://thresholdstate.com/articles/4312/the-textile-reference-manual
--------------------------------------------------------------------------------
The following white list of styles is now allowed in text formatting (r8860): @color, width, height, border, background, padding, margin, font, text@ and their variations (eg. @border-left, ...@). Malformed styles are filetered as well.

<pre>
table{background:#afa}.
|_.1|_.2|
|{background:red; color:white}. Red cell|d|
|g|{background:#ddd}. Grey cell|
</pre>

Displays:

table{background:#afa}.
|_.1|_.2|
|{background:red; color:white}. Red cell|d|
|g|{background:#ddd}. Grey cell|
--------------------------------------------------------------------------------
the FAQ points there but it's not working for me.

steps
* create a wiki
* paste the table example

table{background:#afa}. |_.1|_.2| |{background:red; color:white}. Red cell|d| |g|{background:#ddd}. Grey cell

is seen on the the wiki
--------------------------------------------------------------------------------
I noticed that there must be an empty line before your table markup to get it work.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

related_issues

relates,Closed,949,Style not applied to wiki image
relates,New,22425,Allow "style" tag in Markdown formatter
duplicates,Closed,5141,textile style tags do not work
duplicates,Closed,10324,How can I set Wiki text's color
duplicates,Closed,10325,Text formatting: textile not working for i.e. styles