[
https://issues.apache.org/jira/browse/SLING-4176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14214674#comment-14214674
]
ASF GitHub Bot commented on SLING-4176:
---------------------------------------
GitHub user vladbailescu opened a pull request:
https://github.com/apache/sling/pull/38
SLING-4176 - Added validation/filtering for StyleToken context
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/vladbailescu/sling
Sightly-StyleToken-context-is-doing-nothing
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/sling/pull/38.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #38
----
commit e9b7ba0ef09ef3a7f409f6bca71b1911fe2e5065
Author: vladbailescu <baile...@adobe.com>
Date: 2014-11-17T14:00:12Z
SLING-4176 - Added validation/filtering for StyleToken context
----
> Sightly: StyleToken context is doing nothing
> --------------------------------------------
>
> Key: SLING-4176
> URL: https://issues.apache.org/jira/browse/SLING-4176
> Project: Sling
> Issue Type: Bug
> Components: Scripting
> Reporter: Vlad Bailescu
> Priority: Minor
> Labels: Sightly
> Fix For: Scripting Sightly Engine 1.0.0
>
>
> The context='styleToken' expression option doesn't seem to be doing anything
> (it seems to work as context='unsafe'). Similarly to scriptToken, this should
> actually be a validator that only allows following CSS tokens:
> - Identifiers, e.g.: red, or -moz-box-sizing
> - Numbers and dimensions, e.g.: 42, 42deg, .42s or 42%
> - Strings, e.g.: "it's there"
> - Hex colors, e.g.: #fff
> - Functions (making sure to have matching parenthesis!), e.g.: rgba(20%, 20%,
> 100%, 0.02), or url('data:image/png;base64,iVB...')
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
