[MGNLUI-7422] Configure default SafeHtmlValidatorDefinition to support globallyAllowedAttributes
Created: 15/Aug/22  Updated: 07/Nov/22  Resolved: 02/Nov/22

Status: Closed
Project: Magnolia UI
Component/s: None
Affects Version/s: 6.2.22
Fix Version/s: 6.2.26

Type: Improvement
Priority: Neutral
Reporter: Viet Nguyen
Assignee: Quach Hao Thien
Resolution: Done
Votes: 1
Labels: RichTextField, VN-Analysis
Σ Remaining Estimate: Not Specified
Remaining Estimate: Not Specified
Σ Time Spent: 4d 4.5h
Time Spent: 3d 4.5h
Σ Original Estimate: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency: is depended upon by MGNLUI-7337 Magnolia 6.3 - Port SafeHtmlValidator... (Closed)
Sub-Tasks:
Key | Summary | Type | Status | Assignee
MGNLUI-7423 | Implementation | Sub-task | Completed | Quach Hao Thien
MGNLUI-7424 | Review | Sub-task | Completed | Sang Ngo Huu
MGNLUI-7425 | Pre-Integration QA | Sub-task | Completed | Sang Ngo Huu
MGNLUI-7426 | QA | Sub-task | Closed | Antonín Juran
MGNLUI-7594 | Update docu: introduce new property g... | Sub-task | Completed | Quach Hao Thien
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Release notes required:
Yes
Documentation update required:
Yes
Date of First Response:
Epic Link: richTextField HTML validation
Sprint: Nucleus 22
Story Points: 3
Team: Nucleus

Description

Currently, customers are facing difficulties when using the RichText Editor due to our newly introduced Global Validators - SafeHtmlValidatorDefinition.
Customers need to decorate "/ui-framework-core/config.yaml" to allow some basic attributes such as "class" and "style" for the most commonly used tags such as "p" and "h1,h2,h3,h4".

Please improve this by adding as many tags and attributes as possible that are not an attack vector for XSS.
Customers don't want a "workaround" in this case due to the overlap between the workaround and future improvements. Also, applying any "workaround" would bring with it maintenance costs on the customer's side.

There were expectations that this would be natively supported by us.
Expected result:
Frequently used tags and attributes should already be in place in "/ui-framework-core/config.yaml" for normal usage.


Generated at Mon Feb 12 09:46:02 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.