From d873d11f531c8956c2f7eb57a032b5662cb21f29 Mon Sep 17 00:00:00 2001 From: Brian Krische <1189328+krische@users.noreply.github.com> Date: Thu, 16 Apr 2020 08:42:04 -0500 Subject: [PATCH 1/2] Allow colspan attribute on td and th elements --- src/main/java/org/owasp/html/Sanitizers.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/org/owasp/html/Sanitizers.java b/src/main/java/org/owasp/html/Sanitizers.java index ed6f4d93..863ed4a8 100644 --- a/src/main/java/org/owasp/html/Sanitizers.java +++ b/src/main/java/org/owasp/html/Sanitizers.java @@ -93,6 +93,7 @@ public final class Sanitizers { .onElements("table", "tr", "td", "th", "colgroup", "col", "thead", "tbody", "tfoot") + .allowAttributes("colspan").onElements("td", "th) .allowTextIn("table") // WIDGY .toFactory(); From 65b452c2cf8ccda7a30b68dce0750cd7899c77f6 Mon Sep 17 00:00:00 2001 From: Brian Krische <1189328+krische@users.noreply.github.com> Date: Thu, 16 Apr 2020 08:45:27 -0500 Subject: [PATCH 2/2] Add colspan test --- .../java/org/owasp/html/SanitizersTest.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/test/java/org/owasp/html/SanitizersTest.java b/src/test/java/org/owasp/html/SanitizersTest.java index 5841adad..7bd41100 100644 --- a/src/test/java/org/owasp/html/SanitizersTest.java +++ b/src/test/java/org/owasp/html/SanitizersTest.java @@ -434,6 +434,24 @@ public static final void testStyleTagInTable() { pf.sanitize(input)); } + @Test + public static final void testColspanAttributeInTable() { + String input = "" + + "" + + "" + + "" + + "
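Review bot: The added policy line in the Sanitizers.java hunk reads `.onElements("td", "th)` — the second string literal is unterminated as rendered here, which would not compile; it should be `.allowAttributes("colspan").onElements("td", "th")`. Separately, the attribute is allowed with no value constraint, so any string an untrusted author puts in `colspan` is passed through (HTML-escaped by the builder, as far as I can tell, so not an injection vector, but the sanitized output can then carry non-numeric or absurdly large spans that only the downstream renderer clamps). A sanitizer policy is the right place to pin the value space: `.allowAttributes("colspan").matching(Pattern.compile("[0-9]{1,3}")).onElements("td", "th")`, which needs `java.util.regex.Pattern` in the file's imports. If `rowspan` is meant to follow the same policy, adding it to the same `allowAttributes(...)` call keeps the two consistent. The TABLES policy chain continues outside the hunk on both sides.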
Foo
Bar
"; + PolicyFactory pf = Sanitizers.BLOCKS + .and(Sanitizers.FORMATTING) + .and(Sanitizers.TABLES); + assertEquals( + "" + + "" + + "" + + "
Foo
Bar
", + pf.sanitize(input)); + } + static int fac(int n) { int ifac = 1; for (int i = 1; i <= n; ++i) {
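Review bot: The new test pins only a single well-formed `colspan` value, so it says nothing about what the policy does with a hostile or malformed one, which is the case a sanitizer test exists for. Add a second input/expected pair whose `colspan` is non-numeric (e.g. a `javascript:` string) or out of range and assert the exact sanitized output, so the accepted value space of the new policy line is documented by the test rather than left to whatever the builder happens to do. The markup inside the `input` and expected strings appears to have been stripped in this rendering, so the assertion itself cannot be checked here; confirm the expected string matches the sanitizer's actual serialization (attribute quoting and element ordering) against a real run. Keeping the method `public static final` matches `testStyleTagInTable` above it, so no style change is needed there.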