[ https://issues.apache.org/jira/browse/SLING-4176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14214674#comment-14214674 ]
ASF GitHub Bot commented on SLING-4176:
---------------------------------------

GitHub user vladbailescu opened a pull request:

    https://github.com/apache/sling/pull/38

    SLING-4176 - Added validation/filtering for StyleToken context

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vladbailescu/sling Sightly-StyleToken-context-is-doing-nothing

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/sling/pull/38.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #38

----
commit e9b7ba0ef09ef3a7f409f6bca71b1911fe2e5065
Author: vladbailescu <baile...@adobe.com>
Date:   2014-11-17T14:00:12Z

    SLING-4176 - Added validation/filtering for StyleToken context

----

> Sightly: StyleToken context is doing nothing
> --------------------------------------------
>
>                 Key: SLING-4176
>                 URL: https://issues.apache.org/jira/browse/SLING-4176
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>            Reporter: Vlad Bailescu
>            Priority: Minor
>              Labels: Sightly
>             Fix For: Scripting Sightly Engine 1.0.0
>
>
> The context='styleToken' expression option doesn't seem to be doing anything
> (it seems to work as context='unsafe'). Similarly to scriptToken, this should
> actually be a validator that only allows the following CSS tokens:
> - Identifiers, e.g.: red, or -moz-box-sizing
> - Numbers and dimensions, e.g.: 42, 42deg, .42s or 42%
> - Strings, e.g.: "it's there"
> - Hex colors, e.g.: #fff
> - Functions (making sure to have matching parentheses!), e.g.: rgba(20%, 20%,
> 100%, 0.02), or url('data:image/png;base64,iVB...')

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
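
The token allowlist listed in the issue description above, written out as a stand-alone Java check. This is an added example, not the code from pull request #38 or from Sling: the class and method names, the comma-separated argument grammar, the rule that strings contain no backslashes, and the nesting cap are all assumptions.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class StyleTokenCheck {   // hypothetical name, not a Sling class
    // Simple tokens from the issue: identifier, number/dimension/percentage, hex color, string.
    // Assumption: strings may not contain backslashes, line breaks or their own quote character.
    private static final Pattern SIMPLE = Pattern.compile(
        "-?[A-Za-z_][A-Za-z0-9_-]*"                                 // red, -moz-box-sizing
        + "|[+-]?(?:\\d+(?:\\.\\d+)?|\\.\\d+)(?:%|[A-Za-z]+)?"      // 42, 42deg, .42s, 42%
        + "|#(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{6}|[0-9A-Fa-f]{3,4})"    // #fff
        + "|\"[^\"\\\\\\r\\n]*\"|'[^'\\\\\\r\\n]*'");               // "it's there"
    private static final Pattern FUNC_OPEN = Pattern.compile("-?[A-Za-z_][A-Za-z0-9_-]*\\(");
    /** True only if the whole input is exactly one allowed token. */
    public static boolean isValidStyleToken(String input) {
        if (input == null || input.isEmpty()) return false;
        return parseToken(input, 0, 0) == input.length();
    }

    // Returns the index just past one token starting at pos, or -1 if no allowed token starts there.
    private static int parseToken(String s, int pos, int depth) {
        if (depth > 8) return -1;                       // assumption: cap function nesting
        Matcher f = FUNC_OPEN.matcher(s).region(pos, s.length());
        if (f.lookingAt()) {                            // name( arg, arg, ... )
            pos = skipSpaces(s, f.end());
            while (true) {
                pos = parseToken(s, pos, depth + 1);    // each argument is itself a token
                if (pos < 0) return -1;
                pos = skipSpaces(s, pos);
                if (pos >= s.length()) return -1;       // input ended before the matching ")"
                char c = s.charAt(pos);
                if (c == ')') return pos + 1;
                if (c != ',') return -1;
                pos = skipSpaces(s, pos + 1);
            }
        }
        Matcher m = SIMPLE.matcher(s).region(pos, s.length());
        return m.lookingAt() ? m.end() : -1;
    }
    private static int skipSpaces(String s, int pos) {
        while (pos < s.length() && s.charAt(pos) == ' ') pos++;
        return pos;
    }
    public static void main(String[] args) {
        // Constructed samples: the issue's examples, then three inputs that must be rejected.
        String[] samples = { "red", "-moz-box-sizing", ".42s", "42%", "\"it's there\"", "#fff",
            "rgba(20%, 20%, 100%, 0.02)", "url('data:image/png;base64,AAAA')",
            "red; background: blue", "rgba(0, 0, 0", "\"x\" }" };
        for (String sample : samples) System.out.println(isValidStyleToken(sample) + "  " + sample);
    }
}
```

The check is purely syntactic: it confirms the value is a single well-formed token, and leaves open which function names or url() targets a deployment should accept.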