Richard Feldman (Mar 11 2023 at 21:46): Richard Feldman (Mar 11 2023 at 21:46):I see some <th style="text-align: center">s in our /tutorial, also in some <td>s. This is a problem because our content-security policy on the website prohibits inline styles, so if you open the browser inspector on https://www.roc-lang.org/builtins/List right now, there are 30 errors for content-security violations (and also those inline styles are being ignored)
Richard Feldman (Mar 11 2023 at 21:47):I don't see any instances of text-align in our source code outside .css files (where it's fine), so this is presumably coming from a third-party library (e.g. one that generates tables from markdown possibly?)
Richard Feldman (Mar 11 2023 at 21:47):does anyone know where that might be happening?
Fabian Schmalzried (Mar 11 2023 at 22:38):It' gfm tables: https://github.github.com/gfm/#tables-extension-
And how it is implemented in pulldown-cmark: https://github.com/raphlinus/pulldown-cmark/blob/5c7881c45c1b9cb35e8c9417f09521f7a517b8cf/src/html.rs#L197
Quick fix would be to remove the : in the markdown table delimiter rows.
Richard Feldman (Mar 11 2023 at 22:43):oh nice! Want to open a PR for that? :smiley:
Fabian Hoffmann (Mar 11 2023 at 23:07):(deleted)
Fabian Schmalzried (Mar 11 2023 at 23:10):I can probably do it on Monday. Or someone else is faster.
Richard Feldman (Mar 12 2023 at 00:13):awesome, thank you for taking it on! :heart:
Luke Boswell (Mar 12 2023 at 01:48):I can do it later this arvo. I'll add it to the fix for colors and some other updates I have queued for tutorial.
Luke Boswell (Mar 12 2023 at 06:13):Here is the PR #5123 which should fix it. I can see the styles are removed, but not sure how to see if it still has security violations.
Richard Feldman (Mar 12 2023 at 10:31):yeah it's tricky unfortunately - you have to set up a whole local server with that same content security policy
Last updated: Jul 05 2025 at 12:14 UTC