sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konrad Windszus (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SLING-7024) Sightly doesn't allow to emit style attributes for `data-sly-attribute`
Date Mon, 31 Jul 2017 09:55:00 GMT

    [ https://issues.apache.org/jira/browse/SLING-7024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107060#comment-16107060
] 

Konrad Windszus commented on SLING-7024:
----------------------------------------

Also the same limitation doesn't apply if multiple attributes are set at the same time, i.e.
for the case when {{attributeName}} is {{null}} in https://github.com/apache/sling/blob/4df9ab2d6592422889c71fa13afd453a10a5a626/bundles/scripting/sightly/compiler/src/main/java/org/apache/sling/scripting/sightly/impl/plugin/AttributePlugin.java#L71.

> Sightly doesn't allow to emit style attributes for `data-sly-attribute`
> -----------------------------------------------------------------------
>
>                 Key: SLING-7024
>                 URL: https://issues.apache.org/jira/browse/SLING-7024
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>    Affects Versions: Scripting HTL Compiler 1.0.8
>            Reporter: Konrad Windszus
>            Assignee: Radu Cotescu
>
> For the following Sightly script
> {code}
> <a data-sly-attribute.style="${'background-color: #00ff00' @ context='style-token'}"></a>
> {code}
> The generated a element will not contain a style attribute.
> Instead the following error is emitted in the log
> {code}
> 31.07.2017 09:26:12.448 *WARN* [172.19.0.1 [1501493172400] GET /<some URL> HTTP/1.1]
org.apache.sling.scripting.sightly.impl.engine.SightlyScriptEngine Script <some script
path> 11:32: ${'background-color: #00ff00' @ context='style-token'}: Refusing to generate
attribute 'style' for security reasons.
> {code}
> This is unexpected as neither the HTL spec (https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#223-attribute)
nor the adobe documentation at https://docs.adobe.com/docs/en/htl/docs/block-statements.html#attribute
mentions that. Please either document that or rather lift that limitation.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message