feat: allow color and background-color style properties for table cells (#4766)

* Allow adding text color and background color to HTML table headers and cells in markdown.
* Added a few test cases.

Preview and example: https://codeberg.org/attachments/98634f30-4fa2-4a76-adb3-6086af73744f

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4766
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
This commit is contained in:
0ko 2024-07-31 18:48:46 +00:00
parent 5a59866a32
commit ca5a5bf120
2 changed files with 5 additions and 3 deletions

View File

@ -111,8 +111,8 @@ func createDefaultPolicy() *bluemonday.Policy {
// Allow icons, emojis, chroma syntax and keyword markup on span // Allow icons, emojis, chroma syntax and keyword markup on span
policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji)|(language-math display)|(language-math inline))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span") policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji)|(language-math display)|(language-math inline))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span")
// Allow 'color' and 'background-color' properties for the style attribute on text elements. // Allow 'color' and 'background-color' properties for the style attribute on text elements and table cells.
policy.AllowStyles("color", "background-color").OnElements("span", "p") policy.AllowStyles("color", "background-color").OnElements("span", "p", "th", "td")
// Allow classes for file preview links... // Allow classes for file preview links...
policy.AllowAttrs("class").Matching(regexp.MustCompile("^(lines-num|lines-code chroma)$")).OnElements("td") policy.AllowAttrs("class").Matching(regexp.MustCompile("^(lines-num|lines-code chroma)$")).OnElements("td")

View File

@ -47,8 +47,10 @@ func Test_Sanitizer(t *testing.T) {
// Color property // Color property
`<span style="color: red">Hello World</span>`, `<span style="color: red">Hello World</span>`, `<span style="color: red">Hello World</span>`, `<span style="color: red">Hello World</span>`,
`<p style="color: red">Hello World</p>`, `<p style="color: red">Hello World</p>`, `<p style="color: red; background-color: red">Hello World</p>`, `<p style="color: red; background-color: red">Hello World</p>`,
`<table><tr><th style="color: red">TH1</th><th style="background-color: red">TH2</th><th style="color: red; background-color: red">TH3</th></tr><tr><td style="color: red">TD1</td><td style="background-color: red">TD2</td><td style="color: red; background-color: red">TD3</td></tr></table>`, `<table><tr><th style="color: red">TH1</th><th style="background-color: red">TH2</th><th style="color: red; background-color: red">TH3</th></tr><tr><td style="color: red">TD1</td><td style="background-color: red">TD2</td><td style="color: red; background-color: red">TD3</td></tr></table>`,
`<code style="color: red">Hello World</code>`, `<code>Hello World</code>`, `<code style="color: red">Hello World</code>`, `<code>Hello World</code>`,
`<code style="background-color: red">Hello World</code>`, `<code>Hello World</code>`,
`<span style="bad-color: red">Hello World</span>`, `<span>Hello World</span>`, `<span style="bad-color: red">Hello World</span>`, `<span>Hello World</span>`,
`<p style="bad-color: red">Hello World</p>`, `<p>Hello World</p>`, `<p style="bad-color: red">Hello World</p>`, `<p>Hello World</p>`,
`<code style="bad-color: red">Hello World</code>`, `<code>Hello World</code>`, `<code style="bad-color: red">Hello World</code>`, `<code>Hello World</code>`,