Defect #37237
Common Markdown Formatter does not render all properties on HTML elements
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Marius BALTEANU | % Done: | 0% | |
| Category: | Text formatting | |||
| Target version: | 5.0.3 | |||
| Resolution: | Fixed | Affected version: | 5.0.0 |
Description
Input:
<table align="center" border="0" cellpadding="1" cellspacing="1" style="width:100%; text-align:center; border-collapse:separate; border-spacing: 10px; display:table">
<tr>
<td class="InfoButton">Some Text</td>
</tr>
</table>
Output:
<table align="center" border="0" cellpadding="1" cellspacing="1">
<tr>
<td>Some Text</td>
</tr>
</table>
Related issues
Associated revisions
Allow select custom CSS properties (#37237).
Patch by Jens Krämer.
Adds info about custom CSS to commonmark markdown help (#37237).
Patch by Jens Krämer.
History
#2
Updated by Holger Just 8 months ago
- File deleted (
blog-categories-2022-05-13.csv)
#4
Updated by Holger Just 7 months ago
- File deleted (
24.gif)
Updated by #10
Updated by Holger Just 5 months ago
Right now, custom CSS rules are not allowed at all in Markdown. This is something that may change in the future though to allow a limited set of CSS rules. We have built this in Planio already and are currently preparing the patches for Redmine to contribute this.
As for custom class attributes, these are generally forbidden due to security concerns. As Redmine uses classes in its own generated HTML to show style its interfaces, allowing arbitrary classes could allow attackers to hide or affect critical UI details outside of the rendered markup which is thus forbidden.
#11
Updated by Jens Krämer 4 months ago
- File 0002-adds-info-about-custom-CSS-to-commonmark-markdown-he.patch
added - File 0001-allow-select-custom-CSS-properties.patch added
Here's a patch (extracted from Planio) that allows a limited set of CSS properties in CommonMark output. The second patch adds the corresponding list of allowed properties to the english documentation file.
#12
Updated by Marius BALTEANU 4 months ago
- Target version set to 5.0.3
#13
Updated by Mischa The Evil 4 months ago
- Related to Feature #2416: {background:color} doesn't work in text formatting added
#14
Updated by Mischa The Evil 4 months ago
- Related to Feature #22425: Allow "style" tag in Redcarpet Markdown formatter added
#15
Updated by Mischa The Evil 4 months ago
I wonder: given the similarity with the list of properties kept in source:/trunk/lib/redmine/wiki_formatting/textile/redcloth3.rb@21848#L514 for the Textile formatter, wouldn't it be better to unify both of these and/or extract the list of properties into its own entirely (as it might be useful for other, third-party formatters too)? Would such be feasible?
Otherwise the patches look good to me... ;)
#16
Updated by Jens Krämer 4 months ago
Reusing parts of the commonmark HTML pipeline for the other formatters is definitely something we should do in the future. Makes a lot of sense especially for the Sanitizer, and if I'm not mistaken we could then throw out such formatter-specific sanitization like the one you pointed out.
#17
Updated by Marius BALTEANU 4 months ago
- Status changed from New to Resolved
- Assignee set to Marius BALTEANU
- Resolution set to Fixed
Patches committed, thanks.
I think we can handle the reusable part in another ticket.
#18
Updated by Marius BALTEANU 4 months ago
Fixes merged to 5.0.3.
#19
Updated by Marius BALTEANU 4 months ago
- Status changed from Resolved to Closed
#20
Updated by Go MAEDA 20 days ago
- Related to Defect #38073: CommonMark Markdown formatter does not support min-width, max-width, min-height, and max-height CSS properties added