Watcher: Allow more tags for HTML sanitizer in tables (elastic/elasticsearch#2350)

This allows the colspan/rowspan attr on td/tr as well as
border/cellpadding attrs on table elements.

Original commit: elastic/x-pack-elasticsearch@e0b989f0ac
Alexander Reelsen 2016-05-26 11:10:31 +02:00
parent a056aacca1
commit 72c3dbd3bc
2 changed files with 12 additions and 2 deletions


@ -86,6 +86,8 @@ public class HtmlSanitizer {
case "_tables": case "_tables":
policyBuilder.allowElements(TABLE_TAGS); policyBuilder.allowElements(TABLE_TAGS);
policyBuilder.allowAttributes("span").onElements("col"); policyBuilder.allowAttributes("span").onElements("col");
policyBuilder.allowAttributes("border", "cellpadding").onElements("table");
policyBuilder.allowAttributes("colspan", "rowspan").onElements("th", "td");
break; break;
case "_links": case "_links":
policyBuilder.allowElements("a") policyBuilder.allowElements("a")
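Review bot: The `border`/`cellpadding` and `colspan`/`rowspan` entries added under `case "_tables"` accept any attribute value, because neither `allowAttributes` call carries a value constraint. None of these attributes carries a URL or script, but all four are numeric by definition and the sanitized HTML appears to be destined for e-mail clients, so the allow-list can be kept as narrow as the feature needs. If `policyBuilder` is the OWASP `HtmlPolicyBuilder` (its type is not visible here), insert `.matching(Pattern.compile("[0-9]+"))` before `.onElements(...)` on both lines, ideally with the pattern held in a `static final` constant. The commit message names td/tr while the code targets `th`/`td`, so one of the two should be corrected. The `switch` starts and ends outside this hunk.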


@ -75,7 +75,7 @@ public class HtmlSanitizerTests extends ESTestCase {
} }
public void testDefaultTablesAllowed() { public void testDefaultTablesAllowed() {
String html = "<table>" + String html = "<table border=\"1\" cellpadding=\"6\">" +
"<caption>caption</caption>" + "<caption>caption</caption>" +
"<colgroup>" + "<colgroup>" +
"<col span=\"2\" />" + "<col span=\"2\" />" +
@ -83,7 +83,7 @@ public class HtmlSanitizerTests extends ESTestCase {
"</colgroup>" + "</colgroup>" +
"<thead>" + "<thead>" +
"<tr>" + "<tr>" +
"<th>header1</th>" + "<th colspan=\"2\">header1</th>" +
"<th>header2</th>" + "<th>header2</th>" +
"</tr>" + "</tr>" +
"</thead>" + "</thead>" +
@ -105,6 +105,14 @@ public class HtmlSanitizerTests extends ESTestCase {
assertThat(sanitizedHtml, equalTo(html)); assertThat(sanitizedHtml, equalTo(html));
} }
public void testAllowStyles() {
String html = "<table border=\"1\" cellpadding=\"6\" style=\"color:red\"></table>";
Settings settings = Settings.builder().putArray("xpack.notification.email.html.sanitization.allow", "_tables", "_styles").build();
HtmlSanitizer sanitizer = new HtmlSanitizer(settings);
String sanitizedHtml = sanitizer.sanitize(html);
assertThat(sanitizedHtml, equalTo(html));
}
public void testDefaultFormattingAllowed() { public void testDefaultFormattingAllowed() {
String html = "<b></b><i></i><s></s><u></u><o></o><sup></sup><sub></sub><ins></ins><del></del><strong></strong>" + String html = "<b></b><i></i><s></s><u></u><o></o><sup></sup><sub></sub><ins></ins><del></del><strong></strong>" +
"<strike></strike><tt></tt><code></code><big></big><small></small><span></span><br /><em></em><hr />"; "<strike></strike><tt></tt><code></code><big></big><small></small><span></span><br /><em></em><hr />";
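Review bot: The tests touched here only assert that allowed markup survives unchanged; nothing visible checks that the sanitizer still strips what it should now that the table allow-list is wider. `testAllowStyles` would pass just as well if `style` were always allowed, so a sibling test that passes only `"_tables"` to `putArray` and asserts that `style=\"color:red\"` is absent from the output while `border` and `cellpadding` remain would pin the boundary. `rowspan` is not exercised in any of the visible hunks, and a case with a non-numeric value such as `colspan=\"x\"` would document how attribute values are treated. `testDefaultTablesAllowed` starts before the first hunk and continues between hunks, so parts of it are not visible here.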