Closed Narvey closed 6 years ago
jantman
commented
6 years ago I'll say that I don't really care how we get there (i.e. whitelisted style options, whitelisted tags/attributes/whatever) but it's pretty important to me to be able to at least somehow set font and background color, especially in a HTML table (th/td).
gjtorikian
commented
6 years ago This gem is this gem, and has no guarantee of usage in GitHub text fields. GitHub has configured their whitelist differently.
Epoizam
commented
5 months ago Protection my device please
sanitization_filter.rb has attributes (including color) that are listed as allowed, but do not work in GitHub.
For example, if I do:
<hr color="orange" />It looks like:
Which is clearly grey, not orange. Also in order for the color attribute to be really useful, we need the "font" tag.
I'm not able to test all the others exhaustively, but some others that are rather strange are "checked", "selected", "action", "accesskey". Since form-related tags aren't allowed, I'm not sure what possible use these could have. For these four only, I recommend removing them from the list.