diff --git a/src/main/java/org/owasp/html/Sanitizers.java b/src/main/java/org/owasp/html/Sanitizers.java index ed6f4d93..863ed4a8 100644 --- a/src/main/java/org/owasp/html/Sanitizers.java +++ b/src/main/java/org/owasp/html/Sanitizers.java @@ -93,6 +93,7 @@ public final class Sanitizers { .onElements("table", "tr", "td", "th", "colgroup", "col", "thead", "tbody", "tfoot") + .allowAttributes("colspan").onElements("td", "th) .allowTextIn("table") // WIDGY .toFactory(); diff --git a/src/test/java/org/owasp/html/SanitizersTest.java b/src/test/java/org/owasp/html/SanitizersTest.java index 5841adad..7bd41100 100644 --- a/src/test/java/org/owasp/html/SanitizersTest.java +++ b/src/test/java/org/owasp/html/SanitizersTest.java @@ -434,6 +434,24 @@ public static final void testStyleTagInTable() { pf.sanitize(input)); } + @Test + public static final void testColspanAttributeInTable() { + String input = "" + + "" + + "" + + "" + + "
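Review bot: The added line `.allowAttributes("colspan").onElements("td", "th)` in Sanitizers.java is missing the closing quote on the second element name, so the string literal swallows the rest of the line and the class will not compile; it should read `.allowAttributes("colspan").onElements("td", "th")`. The attribute is also admitted without any value constraint, so whatever text the input carries in colspan is copied into the sanitized output; restricting it to the digits the attribute is defined for, e.g. `.allowAttributes("colspan").matching(Pattern.compile("[0-9]+")).onElements("td", "th")` (or the class's existing integer pattern, if one is in scope), keeps the policy consistent with how other numeric attributes in this file appear to be handled. If the value is constrained, the new testColspanAttributeInTable in SanitizersTest.java should also assert that a non-numeric colspan value is dropped. The TABLES policy chain this line belongs to starts before the hunk.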
Foo
Bar
"; + PolicyFactory pf = Sanitizers.BLOCKS + .and(Sanitizers.FORMATTING) + .and(Sanitizers.TABLES); + assertEquals( + "" + + "" + + "" + + "
Foo
Bar
", + pf.sanitize(input)); + } + static int fac(int n) { int ifac = 1; for (int i = 1; i <= n; ++i) {