Default table alignment triggers common Content Security Policy

[rtfmkiesel]

The default option for table alignments is 'left'. Would it be possible to exclude the style attribute altogether, if no : is used to indicate the alignment?

Having inline style tags triggers a CSP which does not allow for style-src 'unsafe-inline';.

---

What version of Hugo are you using (hugo version)?

$ hugo version
hugo v0.135.0-f30603c47f5205e30ef83c70419f57d7eb7175ab+extended windows/amd64 BuildDate=2024-09-27T13:17:08Z VendorInfo=gohugoio

Does this issue reproduce with the latest release?

Yes

[jmooring]

This is a duplicate of #12886 which is resolved by #12889.

You can also control rendering of Markdown tables by creating a render hook. This will allow you to set left/right/center classes instead of using inline styles.

[rtfmkiesel]

Thanks for the fast response, but it's not quite the issue I am describing.

Using your branch, I get the HTML of <td style=text-align:>test</td> when no : is used. This still triggers the CSP. The complete style attribute would need to be left out. Now, it's just an invalid style attribute.

Output: <td style=text-align:>test</td>
Expected: <td>test</td>

Applied wrong patch, ignore

[rtfmkiesel]

The render hook workaround works, thanks for the hint!

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.