[MGNLUI-7284] Global field validators configuration Created: 22/Jun/22 Updated: 22/Aug/22 Resolved: 06/Jul/22 |
|
| Status: | Closed |
| Project: | Magnolia UI |
| Component/s: | None |
| Affects Version/s: | 6.2.20 |
| Fix Version/s: | 6.2.21 |
| Type: | New Feature | Priority: | Neutral |
| Reporter: | Jonathan Ayala | Assignee: | Roman Kovařík |
| Resolution: | Done | Votes: | 0 |
| Labels: | VN-Implementation, VN-Testing | ||
| Σ Remaining Estimate: | Not Specified | Remaining Estimate: | Not Specified |
| Σ Time Spent: | 5d 7.5h | Time Spent: | 1d 2.5h |
| Σ Original Estimate: | Not Specified | Original Estimate: | Not Specified |
| Attachments: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sub-Tasks: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Release notes required: |
Yes
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Epic Link: | richTextField HTML validation | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sprint: | Nucleus 13, Nucleus 14 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Story Points: | 5 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Team: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description |
|
Due to the introduction of SafeHtmlValidator in Magnolia 6.2.20, there are validation errors for some tags that are not included in the validator but are needed by the users. Reproduce
Expected Actual Notes Workaround
validators:
allowAny:
$type: null
Fix |
| Comments |
| Comment by Roman Kovařík [ 27/Jun/22 ] |
|
| Comment by Roman Kovařík [ 04/Jul/22 ] |
|
Script to find JCR properties which would not pass the validation (global config): workspace = "website" propertyName = "text" import info.magnolia.objectfactory.*; import info.magnolia.ui.field.*; import info.magnolia.ui.dialog.*; definition = new SafeHtmlValidatorDefinition() definition.setErrorMessage("Malicious HTML") validator = Components.newInstance(SafeHtmlValidatorFactory.class, definition).createValidator(); MgnlContext.getJCRSession(workspace) .getWorkspace() .getQueryManager() .createQuery("select * from [mgnl:component] as t where t." + propertyName + " is not null", "JCR-SQL2") .execute() .getNodes() .each(node -> { String html = node.getProperty(propertyName).getString(); if (validator.apply(html, null).isError()) { println(node.path + "/" + propertyName) println(html) println() } })
|
| Comment by Kenton Horton [ 07/Jul/22 ] |
|
Where and how do I set the validators to rich-text field to null? |
| Comment by Roman Kovařík [ 08/Jul/22 ] |
|
Hi khorton, The global validators are documented here. You can remove the richTextField validators like this: /<light-module-folder>/decorations/ui-framework-core/config.yaml: defaultFieldValidators: info.magnolia.ui.field.RichTextFieldDefinition: !override Roman |
| Comment by Antony Hutchison [ 11/Aug/22 ] |
|
This appears to remain an issue in 6.2.21. It still rejects straightforward, common, non-malicious markup such as
<p class="p-large">...</p>
following an upgrade from 6.2.19 to 6.2.21 Edit: Also 6.2.22. I'm concluding there must be some custom code that triggers this. |
| Comment by Sang Ngo Huu [ 12/Aug/22 ] |
|
Hi ahutchison, Attribute class of p tag is not a default one which generated by CKeditor. It can be created by pasting from html script or editing from source mode. Currently, the validator only supports the tags and attributes are generated by CKEditor. If you have a customized attributes, tags, you have to configure it to global validator by decorating it. (see comment from Roman above) Please let me know if you have more concerns |
| Comment by Kenton Horton [ 22/Aug/22 ] |
|
Hey Roman, I am wanting to remove the RichTextFieldDefinition validation completely. How can I do this? Basically I am trusting our users and wanting to allow anything to be input into the CKEditor. |
| Comment by Roman Kovařík [ 22/Aug/22 ] |
|
Hey, you can either hotfix the default config and remove the validator https://demo.magnolia-cms.com/.magnolia/admincentral#app:resources:edit;/ui-framework-core/config.yaml:edit Or provide a decoration in your light module as described in this comment: https://jira.magnolia-cms.com/browse/MGNLUI-7284?focusedCommentId=314321&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-314321 Roman |