
Thimble is apparently cleaning "style" attributes

RESOLVED FIXED

Status

Webmaker
Thimble
--
blocker
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: pomax, Assigned: pomax)

Tracking

Details

(Whiteboard: s=2013w24 p=1)

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
Tried to publish with <p style="color:yellow">, ends up being <p style="">, this is not good.
(Assignee)

Comment 1

4 years ago
if this is going wrong, it's going to be in the github.com/mozilla/htmlsanitizer.org version of Bleach... probably
(Assignee)

Comment 2

4 years ago
Apparently passing a non-empty array for CSS whitelisting crashes the htmlsanitizer.
(Assignee)

Comment 3

4 years ago
fixed mozilla/htmlsanitizer.org to not validate the style array in the same way as tags, which fixed it, which then still needs a CSS whitelist, which will be added as bug attachment
(Assignee)

Comment 4

4 years ago
Created attachment 761127 [details] [review]
https://github.com/mozilla/thimble.webmaker.org/pull/113
Attachment #761127 - Flags: review?(chris)
Comment on attachment 761127 [details] [review]
https://github.com/mozilla/thimble.webmaker.org/pull/113

R+ with a ticket to figure out why transform functions in CSS aren't being allowed.
Attachment #761127 - Flags: review?(chris) → review+
(Assignee)

Updated

4 years ago
See Also: → bug 881893
(Assignee)

Comment 6

4 years ago
filed https://bugzilla.mozilla.org/show_bug.cgi?id=881893 as followup

Comment 7

4 years ago
Commit pushed to master at https://github.com/mozilla/thimble.webmaker.org

https://github.com/mozilla/thimble.webmaker.org/commit/17fb276b78ee25c0e029197dce5f785f7b85d391
Merge pull request #113 from Pomax/bug881838

added the CSS property list
(Assignee)

Updated

4 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Attachment mime type: text/plain → text/x-github-pull-request
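
The behaviour discussed in this bug, as an added example (not code from Thimble, htmlsanitizer.org or Bleach): a style-attribute filter that keeps only allowlisted CSS properties, so an empty allowlist turns `style="color:yellow"` into `style=""`. The property list, the value pattern and the function names are assumptions of this example; the project's actual property list is the one in the linked pull request.

```python
import re

# Hypothetical allowlist for this example only.
ALLOWED_CSS_PROPERTIES = frozenset(
    {"color", "background-color", "font-size", "text-align"}
)

# Conservative value pattern (an assumption of this example): ASCII words,
# numbers, units, hex colours, percentages, commas and spaces. Parentheses,
# colons, slashes, backslashes and quotes are rejected, so url(...) and other
# function-style values fail closed.
_SAFE_VALUE = re.compile(r"[\w\s#%.,!-]+", re.ASCII)

# Demonstration only: matches double-quoted style attributes in markup that
# an HTML sanitizer has already parsed and re-serialised.
_STYLE_ATTR = re.compile(r'style="([^"]*)"')


def clean_style(style, allowed=ALLOWED_CSS_PROPERTIES):
    """Return the declarations whose property is allowlisted and value is safe."""
    kept = []
    for declaration in style.split(";"):
        prop, sep, value = declaration.partition(":")
        prop, value = prop.strip().lower(), value.strip()
        if not sep or not value:
            continue  # malformed or empty declaration
        if prop in allowed and _SAFE_VALUE.fullmatch(value):
            kept.append(f"{prop}: {value}")
    return "; ".join(kept)


def clean_style_attributes(html, allowed=ALLOWED_CSS_PROPERTIES):
    """Rewrite every style="..." attribute in html through clean_style()."""
    return _STYLE_ATTR.sub(
        lambda m: 'style="%s"' % clean_style(m.group(1), allowed), html
    )


if __name__ == "__main__":
    source = '<p style="color:yellow">'  # markup from the bug description
    print(clean_style_attributes(source, allowed=frozenset()))  # empty allowlist
    print(clean_style_attributes(source))                       # with allowlist
```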