At line 297:

```java
boolean isSafeAttribute(String tagName, Element el, Attribute attr) {
    TagName tag = TagName.valueOf(tagName);
    AttributeKey key = AttributeKey.valueOf(attr.getKey());
    if (attributes.containsKey(tag)) {
        if (attributes.get(tag).contains(key)) {
            if (protocols.containsKey(tag)) {
                Map<AttributeKey, Set<Protocol>> attrProts = protocols.get(tag);
                // ok if not defined protocol; otherwise test
                return !attrProts.containsKey(key) || testValidProtocol(el, attr, attrProts.get(key));
            } else { // attribute found, no protocols defined, so OK
                return true;
            }
        }
    } else { // no attributes defined for tag, try :all tag
        return !tagName.equals(":all") && isSafeAttribute(":all", el, attr);
    }
    return false;
}
```
must be:
```java
boolean isSafeAttribute(String tagName, Element el, Attribute attr) {
    TagName tag = TagName.valueOf(tagName);
    AttributeKey key = AttributeKey.valueOf(attr.getKey());
    if (attributes.containsKey(tag)) {
        if (attributes.get(tag).contains(key)) {
            if (protocols.containsKey(tag)) {
                Map<AttributeKey, Set<Protocol>> attrProts = protocols.get(tag);
                // ok if not defined protocol; otherwise test
                return !attrProts.containsKey(key) || testValidProtocol(el, attr, attrProts.get(key));
            } else { // attribute found, no protocols defined, so OK
                return true;
            }
        }
    }
    return !tagName.equals(":all") && isSafeAttribute(":all", el, attr);
}
```
Otherwise, only tags with no attributes defined have default :all attributes applied.
You can use this code for testing, where "class" is preserved in div, but not in table.

```java
String unsafe =
    "Link" +
    "<div class=\"test\" style=\"background:red\">oleadmin" +
    "<table class=\"tipusTaula1\">hell world";
Whitelist whitelist = Whitelist.basic();
whitelist.addTags("div", "table", "tr", "td");
// "table" gets its own attribute entry, so the :all fallback is skipped for it
whitelist.addAttributes("table", "border");
whitelist.addAttributes(":all", "class", "style");
// Clean with the configured whitelist and inspect which attributes survive
System.out.println(Jsoup.clean(unsafe, whitelist));
```
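The difference between the two lookups can be reproduced without the library. The following is an added example, not jsoup's code or the reporter's: a plain-collections model of the attribute lookup using the tags and attributes from the test above. Protocol checks are left out, and the class and method names (`AllAttributeFallbackDemo`, `reportedLookup`, `proposedLookup`) are hypothetical.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration: a simplified model of the allowlist lookup, not jsoup's classes.
public class AllAttributeFallbackDemo {
    // Per-tag attribute allowlist mirroring the configuration in the issue's test.
    static final Map<String, Set<String>> ATTRIBUTES = new HashMap<>();
    static {
        ATTRIBUTES.put("table", new HashSet<>(Arrays.asList("border")));
        ATTRIBUTES.put(":all", new HashSet<>(Arrays.asList("class", "style")));
    }

    // Lookup as reported: ":all" is consulted only when the tag has no entry of its own.
    static boolean reportedLookup(String tag, String attr) {
        if (ATTRIBUTES.containsKey(tag)) {
            if (ATTRIBUTES.get(tag).contains(attr)) {
                return true;
            }
        } else {
            return !tag.equals(":all") && reportedLookup(":all", attr);
        }
        return false;
    }

    // Lookup as proposed: ":all" is consulted whenever the tag's own entry does not match.
    static boolean proposedLookup(String tag, String attr) {
        if (ATTRIBUTES.containsKey(tag) && ATTRIBUTES.get(tag).contains(attr)) {
            return true;
        }
        return !tag.equals(":all") && proposedLookup(":all", attr);
    }

    public static void main(String[] args) {
        // Constructed cases: allowed via :all, allowed via the tag entry, and never allowed.
        String[][] cases = {
            {"div", "class"}, {"table", "class"}, {"table", "border"},
            {"table", "onclick"}, {"div", "onclick"}
        };
        for (String[] c : cases) {
            System.out.printf("%-5s %-7s reported=%-5b proposed=%b%n",
                    c[0], c[1], reportedLookup(c[0], c[1]), proposedLookup(c[0], c[1]));
        }
    }
}
```

Only the `table`/`class` case differs between the two lookups; attributes that appear in neither the tag's entry nor `:all`, such as `onclick`, are rejected by both.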