We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
On CssSchema (
java-html-sanitizer/owasp-java-html-sanitizer/src/main/java/org/owasp/html/CssSchema.java
Line 714 in f729a08
Property textAlign = new Property(0, union(azimuthLiterals1, textAlignLiterals0), zeroFns); builder.put("text-align", textAlign);
The text-align possible values are (https://developer.mozilla.org/en-US/docs/Web/CSS/text-align ) :
text-align: start; text-align: end; text-align: left; text-align: right; text-align: center; text-align: justify; text-align: justify-all; text-align: match-parent; /* Block alignment values (Non-standard syntax) */ text-align: -moz-center; text-align: -webkit-center; /* Global values */ text-align: inherit; text-align: initial; text-align: revert; text-align: revert-layer; text-align: unset;
And only 5 of them are kept when sanitizing right now : left, right, center, inherit, justify
I did a dirty hack for the moment to cover my needs:
try { CssSchema cssSchema = CssSchema.DEFAULT; Method forKey = cssSchema.getClass().getDeclaredMethod("forKey", String.class); forKey.setAccessible(true); CssSchema.Property p = (CssSchema.Property) forKey.invoke(union, "text-align"); Field literalsField = p.getClass().getDeclaredField("literals"); literalsField.setAccessible(true); Set<String> literals = new HashSet<>((Set<String>) literalsField.get(p)); literals.add("start"); literals.add("end"); literalsField.set(p, literals); } catch (Exception e) { ... }
The literals of other css properties might be outdated too, I didn't check but it might be needed to review all of them.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
On CssSchema (
java-html-sanitizer/owasp-java-html-sanitizer/src/main/java/org/owasp/html/CssSchema.java
Line 714 in f729a08
The text-align possible values are (https://developer.mozilla.org/en-US/docs/Web/CSS/text-align ) :
And only 5 of them are kept when sanitizing right now : left, right, center, inherit, justify
I did a dirty hack for the moment to cover my needs:
The literals of other css properties might be outdated too, I didn't check but it might be needed to review all of them.
The text was updated successfully, but these errors were encountered: