Details
-
Improvement
-
Resolution: Done
-
Neutral
-
6.2.22
-
None
-
Empty show more show less
-
Yes
-
Yes
-
Nucleus 22
-
3
Description
Currently customers facing difficulties when using RichText Editor due to our newly introduced Global Validators - SafeHtmlValidatorDefinition.
Customer need to decorate "/ui-framework-core/config.yaml" to allow some basic attributes such as "class" and "style" for mostly usage tags such as "p" and "h1,h2,h3,h4".
Please improve this by adding as much as possible tags and attributes that does not an attack vector for XSS.
Customer don't want to "workaround" in this case due to overlapping of the workaround and future improvement. Also applying any "workaround" would bear with it the maintenance costs from customers side.
There were expectations to made this natively supported by us.
Expected result:
High frequently usage tags and attributes should have been in place in "/ui-framework-core/config.yaml" for normal usage.
Checklists
Attachments
Issue Links
- is depended upon by
-
MGNLUI-7337 Magnolia 6.3 - Port SafeHtmlValidator from M6.2
-
- Closed
-
1.
|
Implementation |
|
Completed | Quach Hao Thien | ||||||||
2.
|
Review |
|
Completed | Sang Ngo Huu |
|
|||||||
3.
|
Pre-Integration QA |
|
Completed | Sang Ngo Huu |
|
|||||||
4.
|
QA |
|
Closed | AntonĂn Juran | ||||||||
5.
|
Update docu: introduce new property globallyAllowedAttributes |
|
Completed | Quach Hao Thien |
