[Rt-commit] rt branch, 4.2-trunk, updated. rt-4.2.3-172-g6fb9661
Alex Vandiver
alexmv at bestpractical.com
Thu May 1 11:52:50 EDT 2014
The branch, 4.2-trunk has been updated
via 6fb96618d223306c72070ab701925ba44439fd5e (commit)
from 8cda28aff0bd1406084782fb43be805fdf2a04f1 (commit)
Summary of changes:
lib/RT/Interface/Web.pm | 1 +
1 file changed, 1 insertion(+)
- Log -----------------------------------------------------------------
commit 6fb96618d223306c72070ab701925ba44439fd5e
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Wed Apr 30 17:56:03 2014 -0400
There is no threat to allowing the "color" attribute; it is allowed via CSS
Resolves I#28389.
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index f2cb21b..439255c 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -3927,6 +3927,7 @@ our %SCRUBBER_ALLOWED_ATTRIBUTES = (
href => qr{^(?:https?:|ftp:|mailto:|/|__Web(?:Path|HomePath|BaseURL|URL)__)}i,
face => 1,
size => 1,
+ color => 1,
target => 1,
style => qr{
^(?:\s*
-----------------------------------------------------------------------
More information about the rt-commit
mailing list