[jira] [Commented] (SLING-7024) Sightly doesn't allow to emit style or on event attributes for `data-sly-attribute`

Mon, 31 Jul 2017 08:46:24 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-7024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107456#comment-16107456
 ] 

Radu Cotescu commented on SLING-7024:
-------------------------------------

There are a few issues here:

# there's no {{style-token}} display context; you're probably referring to 
{{styleToken}}, but even so your string is not a token according to the CSS 
specification - https://www.w3.org/TR/css-syntax-3/;
# if you need to output sensible attributes based on use objects you could do 
it directly with an expression, though it is also not recommended to do so; 
it's more elegant for example to use HTL to decide which classes to apply to an 
element, rather than to provide dynamic styling; with expressions you'd have to 
use the {{unsafe}} context, which is a last resort;
# the same limitation applies to multiple attributes - see the attached 
screenshot

I would argue that this is at most a specification omission.

> Sightly doesn't allow to emit style or on event attributes for 
> `data-sly-attribute`
> -----------------------------------------------------------------------------------
>
>                 Key: SLING-7024
>                 URL: https://issues.apache.org/jira/browse/SLING-7024
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>    Affects Versions: Scripting HTL Compiler 1.0.8
>            Reporter: Konrad Windszus
>            Assignee: Radu Cotescu
>         Attachments: Screenshot 2017-07-31 17.41.51.png
>
>
> For the following Sightly script
> {code}
> <a data-sly-attribute.style="${'background-color: #00ff00' @ 
> context='style-token'}"></a>
> {code}
> The generated a element will not contain a style attribute.
> Instead the following error is emitted in the log
> {code}
> 31.07.2017 09:26:12.448 *WARN* [172.19.0.1 [1501493172400] GET /<some URL> 
> HTTP/1.1] org.apache.sling.scripting.sightly.impl.engine.SightlyScriptEngine 
> Script <some script path> 11:32: ${'background-color: #00ff00' @ 
> context='style-token'}: Refusing to generate attribute 'style' for security 
> reasons.
> {code}
> This is unexpected as neither the HTL spec 
> (https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#223-attribute)
>  nor the adobe documentation at 
> https://docs.adobe.com/docs/en/htl/docs/block-statements.html#attribute 
> mentions that. Please either document that or rather lift that limitation.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to