You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by en...@apache.org on 2019/10/07 22:57:32 UTC
[sling-org-apache-sling-xss] branch master updated: SLING-8771 XSS
Configuration should allow the HTML5 figure and figcaption tags
This is an automated email from the ASF dual-hosted git repository.
enorman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git
The following commit(s) were added to refs/heads/master by this push:
new 1401b70 SLING-8771 XSS Configuration should allow the HTML5 figure and figcaption tags
1401b70 is described below
commit 1401b70148bacdc4a6667d7fbc4984e801c0efb5
Author: Eric Norman <en...@apache.org>
AuthorDate: Mon Oct 7 15:56:42 2019 -0700
SLING-8771 XSS Configuration should allow the HTML5 figure and
figcaption tags
---
src/main/resources/SLING-INF/content/config.xml | 4 ++++
.../org/apache/sling/xss/impl/AntiSamyPolicyTest.java | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/main/resources/SLING-INF/content/config.xml b/src/main/resources/SLING-INF/content/config.xml
index dccd890..1223b22 100644
--- a/src/main/resources/SLING-INF/content/config.xml
+++ b/src/main/resources/SLING-INF/content/config.xml
@@ -1170,6 +1170,10 @@ http://www.w3.org/TR/html401/struct/global.html
</attribute>
</tag>
+ <!-- SLING-8771 - HTML5 figure and figcaption http://html5doctor.com/the-figure-figcaption-elements/ -->
+ <tag name="figure" action="validate"/>
+ <tag name="figcaption" action="validate"/>
+
</tag-rules>
diff --git a/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java b/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java
index 53e8fa1..a477fe4 100644
--- a/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java
+++ b/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java
@@ -200,6 +200,24 @@ public class AntiSamyPolicyTest {
}
}
+
+ /**
+ * Test to verify the fix for SLING-8771 - XSS Configuration should allow the HTML5 figure and figcaption tags
+ */
+ @Test
+ public void testIssueSLING8771() throws Exception {
+
+ TestInput[] tests = new TestInput[]{
+ new TestInput("<figure class=\"image\"><img src=\"/logo.jpg\"><figcaption>Caption Here</figcaption></figure>",
+ "<figure", true),
+ new TestInput("<figure class=\"image\"><img src=\"/logo.jpg\"><figcaption>Caption Here</figcaption></figure>",
+ "<figcaption", true),
+ };
+ for (TestInput testInput : tests) {
+ testOutputContains(testInput.input, testInput.expectedPartialOutput, testInput.containsExpectedPartialOutput);
+ }
+ }
+
private void testOutputContains(String input, String containedString, boolean contains) throws Exception {
testOutputContains(input, containedString, contains, false);
}