[MGNLUI-7379] Global validator SafeHtmlValidatorDefinition should accept HTML comment block
Created: 25/Jul/22  Updated: 03/Nov/22  Resolved: 17/Oct/22

Status: Closed
Project: Magnolia UI
Component/s: None
Affects Version/s: 6.2.21
Fix Version/s: 6.2.26

Type: Improvement Priority: Neutral
Reporter: Viet Nguyen Assignee: Sang Ngo Huu
Resolution: Fixed Votes: 1
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 2d Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Issue Links:
Cloners
is cloned by MGNLUI-7570 Magnolia 6.3 - Global validator SafeH... Closed
causality
caused by MGNLUI-7285 richTextField HTML validation Selected
Sub-Tasks:
Key | Summary | Type | Status | Assignee
MGNLUI-7566 Provide Pr Sub-task Completed Sang Ngo Huu  
MGNLUI-7567 Review PR Sub-task Completed Quach Hao Thien  
MGNLUI-7568 Pre-int QA Sub-task Completed Quach Hao Thien  
MGNLUI-7569 QA Sub-task Completed Adam Siska  
MGNLUI-7573 Make sure conditional comments are va... Sub-task Completed Adam Siska  
MGNLUI-7574 Add check whether comment contains co... Sub-task Completed Sang Ngo Huu  
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Testcase included:
Yes
Release notes required:
Yes
Date of First Response:
Epic Link: richTextField HTML validation
Sprint: Nucleus 21
Story Points: 3
Team: Nucleus

 Description   

Steps to reproduce

  1. Enable source mode for any Rich Text Field
  2. Put an HTML comment into "source" mode with some valid text and tags
  3. Save the component


Expected results

  • Content saves without any error


Actual results

  • Users cannot save content; a "Malicious HTML code found" validation error occurs.

Workaround

  • Please ask users/customers to temporarily remove the comment(s) from their HTML using any HTML editor or online editor tool.

Development notes

  • N/A


 Comments   
Comment by Richard Gange [ 25/Oct/22 ]

FTR: Conditional comments are still not allowed.

<!--[if expression]> <script/><![endif]-->

This will trigger the warning.

Generated at Mon Feb 12 09:45:38 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.