Posted to commits@sling.apache.org by en...@apache.org on 2019/10/07 22:57:32 UTC

[sling-org-apache-sling-xss] branch master updated: SLING-8771 XSS Configuration should allow the HTML5 figure and figcaption tags

This is an automated email from the ASF dual-hosted git repository.

enorman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git


The following commit(s) were added to refs/heads/master by this push:
     new 1401b70  SLING-8771 XSS Configuration should allow the HTML5 figure and figcaption tags
1401b70 is described below

commit 1401b70148bacdc4a6667d7fbc4984e801c0efb5
Author: Eric Norman <en...@apache.org>
AuthorDate: Mon Oct 7 15:56:42 2019 -0700

    SLING-8771 XSS Configuration should allow the HTML5 figure and
    figcaption tags
---
 src/main/resources/SLING-INF/content/config.xml        |  4 ++++
 .../org/apache/sling/xss/impl/AntiSamyPolicyTest.java  | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/src/main/resources/SLING-INF/content/config.xml b/src/main/resources/SLING-INF/content/config.xml
index dccd890..1223b22 100644
--- a/src/main/resources/SLING-INF/content/config.xml
+++ b/src/main/resources/SLING-INF/content/config.xml
@@ -1170,6 +1170,10 @@ http://www.w3.org/TR/html401/struct/global.html
             </attribute>
         </tag>
 
+        <!-- SLING-8771 - HTML5 figure and figcaption http://html5doctor.com/the-figure-figcaption-elements/ -->
+        <tag name="figure" action="validate"/>
+        <tag name="figcaption" action="validate"/>
+
     </tag-rules>
 
 
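Review bot: The new `figure` and `figcaption` rules declare no `<attribute>` children, and the comment does not say whether that is deliberate. Presumably these tags then accept only what the policy's global attribute list allows (that list is outside this hunk), so it is worth confirming that `class` is covered there, since the accompanying test input uses `class="image"`. I would record the intent in the comment, e.g. `<!-- SLING-8771 - HTML5 figure and figcaption; no tag-specific attributes, only global attributes are accepted -->`. The comment would also be better pointing at the HTML specification than at a third-party blog over plain http.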
diff --git a/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java b/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java
index 53e8fa1..a477fe4 100644
--- a/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java
+++ b/src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyTest.java
@@ -200,6 +200,24 @@ public class AntiSamyPolicyTest {
         }
     }
 
+    
+    /**
+     * Test to verify the fix for SLING-8771 - XSS Configuration should allow the HTML5 figure and figcaption tags
+     */
+    @Test
+    public void testIssueSLING8771() throws Exception {
+    	    	
+        TestInput[] tests = new TestInput[]{
+                new TestInput("<figure class=\"image\"><img src=\"/logo.jpg\"><figcaption>Caption Here</figcaption></figure>", 
+                			   "<figure", true),
+                new TestInput("<figure class=\"image\"><img src=\"/logo.jpg\"><figcaption>Caption Here</figcaption></figure>", 
+         			   "<figcaption", true),
+        };
+        for (TestInput testInput : tests) {
+            testOutputContains(testInput.input, testInput.expectedPartialOutput, testInput.containsExpectedPartialOutput);
+        }
+    }
+    
     private void testOutputContains(String input, String containedString, boolean contains) throws Exception {
         testOutputContains(input, containedString, contains, false);
     }
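Review bot: testIssueSLING8771 only asserts that `<figure` and `<figcaption` survive sanitization; it has no negative case showing that the newly allowed tags still lose unsafe attributes. Because this commit widens an XSS allowlist, I would add an entry such as `new TestInput("<figure onclick=\"alert(1)\"><figcaption>Caption Here</figcaption></figure>", "onclick", false),` so a later policy edit cannot silently let event handlers through on these tags. The two existing entries repeat the same input string, which a local variable would make clearer. The tab/space mix on the continuation lines and the whitespace-only line after the method signature should also be cleaned up.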