Defect #37237
closed
Common Markdown Formatter does not render all properties on HTML elements
0%
Description
Input:
<table align="center" border="0" cellpadding="1" cellspacing="1" style="width:100%; text-align:center; border-collapse:separate; border-spacing: 10px; display:table">
<tr>
<td class="InfoButton">Some Text</td>
</tr>
</table>
Output:
<table align="center" border="0" cellpadding="1" cellspacing="1">
<tr>
<td>Some Text</td>
</tr>
</table>
Files
Related issues
Updated by Anonymous about 3 years ago
- File blog-categories-2022-05-13.csv added
Updated by Holger Just about 3 years ago
- File deleted (
blog-categories-2022-05-13.csv)
Updated by C S almost 3 years ago
Does anyone have an idea or even a work-around how I can add the HTML elements? Specifying a class and ID for the respective elements would be completely sufficient so that you can address them specifically via CSS file
Updated by Holger Just almost 3 years ago
Right now, custom CSS rules are not allowed at all in Markdown. This is something that may change in the future though to allow a limited set of CSS rules. We have built this in Planio already and are currently preparing the patches for Redmine to contribute this.
As for custom class attributes, these are generally forbidden due to security concerns. As Redmine uses classes in its own generated HTML to show style its interfaces, allowing arbitrary classes could allow attackers to hide or affect critical UI details outside of the rendered markup which is thus forbidden.
Updated by Jens Krämer almost 3 years ago
- File 0002-adds-info-about-custom-CSS-to-commonmark-markdown-he.patch 0002-adds-info-about-custom-CSS-to-commonmark-markdown-he.patch added
- File 0001-allow-select-custom-CSS-properties.patch 0001-allow-select-custom-CSS-properties.patch added
Here's a patch (extracted from Planio) that allows a limited set of CSS properties in CommonMark output. The second patch adds the corresponding list of allowed properties to the english documentation file.
Updated by Mischa The Evil almost 3 years ago
- Related to Feature #2416: {background:color} doesn't work in text formatting added
Updated by Mischa The Evil almost 3 years ago
- Related to Feature #22425: Allow "style" tag in Redcarpet Markdown formatter added
Updated by Mischa The Evil almost 3 years ago
I wonder: given the similarity with the list of properties kept in source:/trunk/lib/redmine/wiki_formatting/textile/redcloth3.rb@21848#L514 for the Textile formatter, wouldn't it be better to unify both of these and/or extract the list of properties into its own entirely (as it might be useful for other, third-party formatters too)? Would such be feasible?
Otherwise the patches look good to me... ;)
Updated by Jens Krämer almost 3 years ago
Reusing parts of the commonmark HTML pipeline for the other formatters is definitely something we should do in the future. Makes a lot of sense especially for the Sanitizer, and if I'm not mistaken we could then throw out such formatter-specific sanitization like the one you pointed out.
Updated by Marius BĂLTEANU almost 3 years ago
- Status changed from New to Resolved
- Assignee set to Marius BĂLTEANU
- Resolution set to Fixed
Patches committed, thanks.
I think we can handle the reusable part in another ticket.
Updated by Marius BĂLTEANU almost 3 years ago
- Status changed from Resolved to Closed
Updated by Go MAEDA over 2 years ago
- Related to Defect #38073: CommonMark Markdown formatter does not support min-width, max-width, min-height, and max-height CSS properties added
Updated by Go MAEDA almost 2 years ago
- Is duplicate of Feature #35747: Allow style attribute for HTML elements in CommonMark formatter added