[jira] [Updated] (SLING-7024) Sightly doesn't allow to emit style attributes for `data-sly-attribute`

[Konrad Windszus (JIRA)]

     [ 
https://issues.apache.org/jira/browse/SLING-7024?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated SLING-7024:
-----------------------------------
    Description: 
For the following Sightly script
{code}
<a data-sly-attribute.style="${'background-color: #00ff00' @ 
context='style-token'}"></a>
{code}
The generated a element will not contain a style attribute.
Instead the following error is emitted in the log
{code}
31.07.2017 09:26:12.448 *WARN* [172.19.0.1 [1501493172400] GET /<some URL> 
HTTP/1.1] org.apache.sling.scripting.sightly.impl.engine.SightlyScriptEngine 
Script <some script path> 11:32: ${'background-color: #00ff00' @ 
context='style-token'}: Refusing to generate attribute 'style' for security 
reasons.
{code}

This is unexpected as neither the HTL spec 
(https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#223-attribute)
 nor the adobe documentation at 
https://docs.adobe.com/docs/en/htl/docs/block-statements.html#attribute 
mentions that. Please either document that or rather lift that limitation.

  was:
For the following Sightly script
{code}
<a data-sly-attribute.style="${'background-color: #00ff00' @ 
context='style-token'}"></a>
{code}
The generated a element will not contain a style attribute.
Instead the following error is emitted in the log
{code}
31.07.2017 09:26:12.448 *WARN* [172.19.0.1 [1501493172400] GET /<some URL> 
HTTP/1.1] org.apache.sling.scripting.sightly.impl.engine.SightlyScriptEngine 
Script <some script path> 11:32: ${'background-color: #00ff00' @ 
context='style-token'}: Refusing to generate attribute 'style' for security 
reasons.
{code}

This is unexpected from the HTL spec


> Sightly doesn't allow to emit style attributes for `data-sly-attribute`
> -----------------------------------------------------------------------
>
>                 Key: SLING-7024
>                 URL: https://issues.apache.org/jira/browse/SLING-7024
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>    Affects Versions: Scripting HTL Compiler 1.0.8
>            Reporter: Konrad Windszus
>            Assignee: Radu Cotescu
>
> For the following Sightly script
> {code}
> <a data-sly-attribute.style="${'background-color: #00ff00' @ 
> context='style-token'}"></a>
> {code}
> The generated a element will not contain a style attribute.
> Instead the following error is emitted in the log
> {code}
> 31.07.2017 09:26:12.448 *WARN* [172.19.0.1 [1501493172400] GET /<some URL> 
> HTTP/1.1] org.apache.sling.scripting.sightly.impl.engine.SightlyScriptEngine 
> Script <some script path> 11:32: ${'background-color: #00ff00' @ 
> context='style-token'}: Refusing to generate attribute 'style' for security 
> reasons.
> {code}
> This is unexpected as neither the HTL spec 
> (https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#223-attribute)
>  nor the adobe documentation at 
> https://docs.adobe.com/docs/en/htl/docs/block-statements.html#attribute 
> mentions that. Please either document that or rather lift that limitation.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)