-
Bug
-
Resolution: Won't Fix
-
Medium
-
None
-
2.7, 2.7.1
-
None
we are heavily using the panel-macro in our 2.5.* instance and are using of course parameters.
When i upgraded a testinstance to 2.7 it seems that css2 has a big problem with case-sensitive values. I have two points which are not very smooth:
- keys which the macro dont knows are just ignored
- values which are correct but case sensitive wrong are printed as failure (as you can see on the attached screenshot
a "fix" would be good as i cant scan my whole instance for macros which have this problem, or can i?
I also wrote a support request at https://support.atlassian.com/browse/CSP-14100 but there it was stated as not supported customization (am i doing something wrong here), at least i didnt get to it.
[CONFSERVER-10448] New CSS2 checking breaks with current values
Frank Stiller
added a comment - Well i could not make myself clear enough, i tried to ask whether its possible to write something like this:
{panel:someValue=1|borderStyle=non}
asdasd
{panel}
In this example he brings the raised Error Message, not valid CSS2 ... Now of course after some digging you find out what part is problematic, maybe its case sensitive problem, maybe the value is wrong (what is the case here).
Additionally i wrote some attribute which isnt checked by the macro. But i cant find out about ignored parameters, right? (that was my main point)
The other thing "More Clearly" what is the problem would also be great. But as i already wrote plugins myself, i guess that its always a implementation issue of the macro/plugin and not the host, or am i wrong?
Frank Stiller
added a comment - Well i could not make myself clear enough, i tried to ask whether its possible to write something like this:
{panel:someValue=1|borderStyle=non}
asdasd
{panel}
In this example he brings the raised Error Message, not valid CSS2 .. . Now of course after some digging you find out what part is problematic, maybe its case sensitive problem, maybe the value is wrong (what is the case here).
Additionally i wrote some attribute which isnt checked by the macro. But i cant find out about ignored parameters, right? (that was my main point)
The other thing "More Clearly" what is the problem would also be great. But as i already wrote plugins myself, i guess that its always a implementation issue of the macro/plugin and not the host, or am i wrong? Hi Frank,
Isn't the current highlighting of the error sufficient?
How else would notification be possible?
Would a log message be desirable?
Frank Stiller
added a comment - Hy Andrew,
not that important, i guess, running 2.10 currently without any mentioning of this "defect". I think a replace in the database (or the xml extract) has been done borderstyle => borderStyle. So that was the workaround.
Is there any chance to get notified if a parameter of a macro is ignored?
cheers
Frank
Frank Stiller
added a comment - Hy Andrew,
not that important, i guess, running 2.10 currently without any mentioning of this "defect". I think a replace in the database (or the xml extract) has been done borderstyle => borderStyle. So that was the workaround.
Is there any chance to get notified if a parameter of a macro is ignored?
cheers
Frank Hi Frank,
Sorry this didn't receive any attention for so long. Is this still an issue for you?
Regards,
Andrew Lynch
Frank Stiller
added a comment - i see the point. Thanks Paul.
This will be fixed easily by replacing this values, if i know them. Can you give me a hint whether it is possible to get a css2 check for every page of confluence? because all other would be to check it manually or by user reporting (which would let a lot of css2-failure message pages).
cheers
Frank
Frank Stiller
added a comment - i see the point. Thanks Paul.
This will be fixed easily by replacing this values, if i know them. Can you give me a hint whether it is possible to get a css2 check for every page of confluence? because all other would be to check it manually or by user reporting (which would let a lot of css2-failure message pages).
cheers
Frank Hi Frank. This checking is actually vital - it was put in place to resolve numerous XSS security vulnerabilities as described in this defect.
Ideally, you should only be using valid CSS border-style values for your 'borderStyle' setting but we will investigate whether it is possible to have the panel macro safely ignore the case of the attribute.
Frank Stiller
added a comment - As we want to update our confluence in the next time, is there any workaround to disable this (useless?) new case sensitive checking?
Frank Stiller
added a comment - As we want to update our confluence in the next time, is there any workaround to disable this (useless?) new case sensitive checking? 
Hi There
Thanks for taking the time to raise this issue. As you are no doubt aware this issue has been on our backlog for some time now with very little progress being made in that time. Rather than leave this issue I'm going to close it our as won't fix. I believe that this better reflects the status of this issue.
Regards
Steve Haffenden
Confluence Bugmaster