Bug in allowed attributes #287
Comments
|
I'll say that I don't really care how we get there (i.e. whitelisted |
|
This gem is this gem, and has no guarantee of usage in GitHub text fields. GitHub has configured their whitelist differently. |
|
Protection my device please |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
sanitization_filter.rb has attributes (including color) that are listed as allowed, but do not work in GitHub.
For example, if I do:
<hr color="orange" />It looks like:
Which is clearly grey, not orange. Also in order for the color attribute to be really useful, we need the "font" tag.
I'm not able to test all the others exhaustively, but some others that are rather strange are "checked", "selected", "action", "accesskey". Since form-related tags aren't allowed, I'm not sure what possible use these could have. For these four only, I recommend removing them from the list.
The text was updated successfully, but these errors were encountered: