-
Bug
-
Resolution: Not an issue
-
Neutral
-
6.1
-
None
-
-
Empty show more show less
-
UI Framework 6
-
3
Notifications and alerts often contain HTML formatted text. Currently this seems not to be always supported by Magnolia (IIRC, Vaadin now disallows html content by default for security reasons). See attachment. More examples can be found in the two tickets linked as duplicate.
After proper text sanitisation on the server side, it should be safe to allow HTML content. Sanitisation is important here because the text displayed may partly come from the client and contain malicious executable code.
Â
See info.magnolia.ui.AlertBuilder and info.magnolia.admincentral.ResurfaceShell#openNotification (for legacy notifs)
- is duplicated by
-
MAGNOLIA-7427 Line breaks are displayed as <br> in some ui elements
- Closed
-
MGNLUI-5331 DAM Upload Success/Error popup
- Closed
- is related to
-
MGNLUI-4760 Resurface: Inline HTML leaks into messages
- Closed
- relates to
-
MGNLUI-4608 Inline HTML leaks into language chooser tooltip
- Closed