// Allow icons, emojis, chroma syntax and keyword markup on span
policy.AllowAttrs("class").Matching(regexp.MustCompile(`^((icon(\s+[\p{L}\p{N}_-]+)+)|(emoji))$|^([a-z][a-z0-9]{0,2})$|^` + keywordClass + `$`)).OnElements("span")
+ // Allow 'style' attribute on text elements.
+ policy.AllowAttrs("style").OnElements("span", "p")
+
+ // Allow 'color' property for the style attribute on text elements.
+ policy.AllowStyles("color").OnElements("span", "p")
+
// Allow generally safe attributes
generalSafeAttrs := []string{
"abbr", "accept", "accept-charset",
`<input type="checkbox" disabled=""/>unchecked`, `<input type="checkbox" disabled=""/>unchecked`,
`<span class="emoji dropdown">NAUGHTY</span>`, `<span>NAUGHTY</span>`,
`<span class="emoji">contents</span>`, `<span class="emoji">contents</span>`,
+
+ // Color property
+ `<span style="color: red">Hello World</span>`, `<span style="color: red">Hello World</span>`,
+ `<p style="color: red">Hello World</p>`, `<p style="color: red">Hello World</p>`,
+ `<code style="color: red">Hello World</code>`, `<code>Hello World</code>`,
+ `<span style="bad-color: red">Hello World</span>`, `<span>Hello World</span>`,
+ `<p style="bad-color: red">Hello World</p>`, `<p>Hello World</p>`,
+ `<code style="bad-color: red">Hello World</code>`, `<code>Hello World</code>`,
}
for i := 0; i < len(testCases); i += 2 {
projects / gitea.git / commitdiff