diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go index c0b449ea5b..c40a3c6b65 100644 --- a/modules/markup/sanitizer.go +++ b/modules/markup/sanitizer.go @@ -111,8 +111,8 @@ func createDefaultPolicy() *bluemonday.Policy { // Allow icons, emojis, chroma syntax and keyword markup on span policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji)|(language-math display)|(language-math inline))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span") - // Allow 'color' and 'background-color' properties for the style attribute on text elements. - policy.AllowStyles("color", "background-color").OnElements("span", "p") + // Allow 'color' and 'background-color' properties for the style attribute on text elements and table cells. + policy.AllowStyles("color", "background-color").OnElements("span", "p", "th", "td") // Allow classes for file preview links... policy.AllowAttrs("class").Matching(regexp.MustCompile("^(lines-num|lines-code chroma)$")).OnElements("td") diff --git a/modules/markup/sanitizer_test.go b/modules/markup/sanitizer_test.go index b7b8792bd7..56b2fcf474 100644 --- a/modules/markup/sanitizer_test.go +++ b/modules/markup/sanitizer_test.go @@ -47,8 +47,10 @@ func Test_Sanitizer(t *testing.T) { // Color property `Hello World`, `Hello World`, - `
Hello World
`, `Hello World
`, + `Hello World
`, `Hello World
`, + `TH1 | TH2 | TH3 |
---|---|---|
TD1 | TD2 | TD3 |
TH1 | TH2 | TH3 |
---|---|---|
TD1 | TD2 | TD3 |
Hello World
`, `Hello World
`,
+ `Hello World
`, `Hello World
`,
`Hello World`, `Hello World`,
`Hello World
`, `Hello World
`, `Hello World
`, `Hello World
`,