Category: LINUX
2011-07-17 14:30:03
The Redmine developers turned off Textile inline styles because of the risk of XSS attacks. I explain below how to turn the inline styles back on if your Redmine server is protected from unauthorized access. I would suggest keeping Textile styles off if your Redmine server has public access. The main point of this article is to point out that styling such as background colors, CSS, table borders, cell borders, etc. is turned off by default.
If you do decide to turn inline styles back on using the information below, then here is a note from the Textile Reference Manual:
“Developers can easily include Textile in any web application that accepts user input for display on web pages. Textile supports UTF-8 input, and produces valid XHTML. A “Restricted” mode is available for processing input from untrusted users, where invalid input and XSS attacks are a risk”
To turn the styling back on, simply modify the statement below, which is located in the formatter.rb file which resides in the
Line #33: Textile Inline Styles Off:
    self.filter_styles=true
Line #33: Textile Inline Styles On:
    self.filter_styles=false
Now, with the inline styles turned back on, you can add lines like those below in Textile input boxes and the formatting will appear correctly.
Example Textile Formatting With Inline Style:
    table{border:1px solid black}.
    {background:#999}. |_. Column One |_. Column Two|_. Column Three|
    {background:#333}. |Row One|Row One|Row One |
    {background:#666}. |Row Two|Row Two |Row Two |
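For a server where the input is not fully trusted, an alternative to switching filtering off entirely is to pass only a short allowlist of style declarations. The following is an added example, not Redmine or RedCloth code: the function names, the property allowlist and the sample lines are assumptions for illustration, and it only handles a `{...}` block at the start of a line, as in the table example above.

```ruby
# Added example (not Redmine/RedCloth code): allowlist filter for the
# {...} style block of a Textile table or row modifier.
# Every name and the allowlist itself are assumptions for illustration.

COLOR  = /#(?:\h{3}|\h{6})|[a-z]{3,20}/   # hex colour or a bare keyword
LENGTH = /\d{1,4}(?:px|em|%)/

# Permitted properties, each with a strict pattern for the whole value.
ALLOWED_STYLES = {
  'background'       => /\A#{COLOR}\z/,
  'background-color' => /\A#{COLOR}\z/,
  'color'            => /\A#{COLOR}\z/,
  'border'           => /\A#{LENGTH} (?:solid|dashed|dotted) #{COLOR}\z/,
  'padding'          => /\A#{LENGTH}\z/,
  'text-align'       => /\A(?:left|right|center)\z/
}.freeze

# Matches "table{...}." or "{...}. " at the start of a line.
MODIFIER = /\A(table)?\{([^}]*)\}\.( ?)/

# Returns the style string with only allowlisted declarations kept.
def filter_inline_style(style)
  kept = style.to_s.split(';').map do |decl|
    prop, value = decl.split(':', 2).map { |s| s.strip.downcase.squeeze(' ') }
    pattern = ALLOWED_STYLES[prop]
    "#{prop}:#{value}" if pattern && value && pattern.match?(value)
  end
  kept.compact.join(';')
end

# Rewrites the leading modifier of one Textile line. If no declaration
# survives, the whole modifier is dropped so the row renders unstyled.
def filter_textile_line(line)
  line.sub(MODIFIER) do
    prefix, style, gap = $1.to_s, $2, $3
    kept = filter_inline_style(style)
    kept.empty? ? '' : "#{prefix}{#{kept}}.#{gap}"
  end
end

# Constructed sample input: the page's table plus two rows that carry
# declarations outside the allowlist.
SAMPLE = [
  'table{border:1px solid black}.',
  '{background:#999}. |_. Column One |_. Column Two|',
  '{background:#333;position:fixed}. |Row One|Row One|',
  '{background:url(http://example.invalid/a.png)}. |Row Two|Row Two|'
].freeze

puts SAMPLE.map { |l| filter_textile_line(l) } if $PROGRAM_NAME == __FILE__
```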