
Elasticsearch watcher "watcher.actions.email.html.sanitization" table attributes


I construct email alerts in Elasticsearch Watcher using HTML, and I have also configured it to sanitize the following HTML tags in elasticsearch.yml:

watcher.actions.email.html.sanitization:
  allow: _tables, _blocks, _formatting, _links, _styles

But in my alerts, I see the table is constructed, but the table attributes were not considered while constructing the table. For example, the border, cellpadding and colspan were never applied to my table. A table example is given below:

<table border='1' cellpadding='5' style='font-family:sans-serif;font-size:13px'><thead><tr><th>Type</th><th colspan='5'>Version</th></tr></thead><tbody> etc.

I can still achieve it by completely disabling the HTML sanitization like below, but that is not recommended as it involves security risks.

watcher.actions.email.html.sanitization.enabled: false

I have even tried to use allow: _tables:all, but it didn't work and it doesn't seem to be the right thing.

Is there a way to achieve it by enabling only a few tags along with their attributes?


Solution

  • As per the discussion on the Elastic forum:

    Right now border and cellpadding attributes are always dropped. You can get the style attribute working by allowing _styles in the sanitizer config.
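
One way to keep sanitization enabled and still get borders and padding is to express them through the style attribute before the body goes into the watch. The following is an added example, not code from the original post or from Elastic. The names `TableAttrsToStyle`, `convert` and `_px` are hypothetical, the `1px solid #000` border colour is a constructed choice, and it assumes the sanitizer keeps the `border`, `border-collapse` and `padding` CSS properties when `_styles` is allowed. `colspan` has no CSS equivalent and is passed through unchanged.

```python
from html import escape
from html.parser import HTMLParser

def _px(value):  # plain ASCII integers only, so nothing else reaches the CSS
    return value if value and value.isascii() and value.isdigit() else None

class TableAttrsToStyle(HTMLParser):
    """Re-emit HTML with <table border/cellpadding> moved into inline CSS."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.cell_css = [], []  # output parts; th/td CSS per open table
    def handle_starttag(self, tag, attrs):
        attrs, css = dict(attrs), []
        if tag == "table":
            border, pad = _px(attrs.pop("border", None)), _px(attrs.pop("cellpadding", None))
            cell = [f"padding:{pad}px"] if pad else []
            if border and int(border) > 0:
                css += ["border-collapse:collapse", f"border:{border}px solid #000"]
                cell.insert(0, f"border:{border}px solid #000")
            self.cell_css.append(";".join(cell))
        elif tag in ("th", "td") and self.cell_css and self.cell_css[-1]:
            css.append(self.cell_css[-1])
        own = (attrs.pop("style", None) or "").strip(" ;")
        if css or own:  # generated rules first, so the author's own rules win
            attrs["style"] = ";".join(css + ([own] if own else []))
        parts = [k if v is None else f'{k}="{escape(v, quote=True)}"' for k, v in attrs.items()]
        self.out.append("<" + " ".join([tag] + parts) + ">")
    handle_startendtag = handle_starttag  # void elements (<br/>): no end tag
    def handle_endtag(self, tag):
        if tag == "table" and self.cell_css:
            self.cell_css.pop()
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def convert(html_body):
    parser = TableAttrsToStyle()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out)

# Constructed sample: the question's table, closed so it parses as a whole.
SAMPLE = ("<table border='1' cellpadding='5' style='font-family:sans-serif;font-size:13px'>"
          "<thead><tr><th>Type</th><th colspan='5'>Version</th></tr></thead></table>")
print(convert(SAMPLE))
```

HTML comments and doctype declarations are not re-emitted by this converter, and `border` or `cellpadding` values that are not plain integers are dropped rather than copied into the style.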