You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Vlad Bailescu (JIRA)" <ji...@apache.org> on 2014/11/17 11:46:33 UTC

[jira] [Created] (SLING-4176) Sightly: ScriptToken context is doing nothing

Vlad Bailescu created SLING-4176:
------------------------------------

             Summary: Sightly: ScriptToken context is doing nothing
                 Key: SLING-4176
                 URL: https://issues.apache.org/jira/browse/SLING-4176
             Project: Sling
          Issue Type: Bug
          Components: Scripting
            Reporter: Vlad Bailescu
            Priority: Minor
             Fix For: Scripting Sightly Engine 1.0.0


The context='styleToken' expression option doesn't seem to be doing anything (it seems to work as context='unsafe'). Similarly to scriptToken, this should actually be a validator that only allows following CSS tokens:

- Identifiers, e.g.: red, or -moz-box-sizing
- Numbers and dimensions, e.g.: 42, 42deg, .42s or 42%
- Strings, e.g.: "it's there"
- Hex colors, e.g.: #fff
- Functions (making sure to have matching parenthesis!), e.g.: rgba(20%, 20%, 100%, 0.02), or url('data:image/png;base64,iVB...')




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)