Author |
Message |
27/07/2018 13:37:32
|
levy
Power User
Joined: 12/03/2008 16:38:22
Messages: 308
Location: XpertCenter
Offline
|
Hi Björn
It is well known that since update 20180522, the HTML sent to the SIMPLEHTMLEDITOR is sanitized (by default).
Now I have traced that a simple <a href="http://www.google.ch"> is removed (only) when avoidsanitizing=false.
It is quite heavy to do without sanitizing only because of this.
What do you think about this?
Regards, Daniel
|
|
|
27/07/2018 14:01:30
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5519
Offline
|
Well, sanitizing algorithms are and have to be rigid. There is no intention on my side to change some trusted algorithm (coming from Google) which is used internally, otherwise we are made guilty for violations.
If this is too rigid, then switch sanitizing off (via control attribute) and apply your own rules for sanitizing on server side (check/update the text before it is sent to the client).
Regards, Björn
|
Björn Müller, CaptainCasa GmbH |
|
|
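One way to implement the server-side rules suggested in the reply above, as an added example that is not part of the original posts and not CaptainCasa code. It assumes the OWASP Java HTML Sanitizer library is on the classpath (the thread does not name the algorithm used internally); the class name `EditorHtmlSanitizer` and the chosen allowlist are hypothetical.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/** Hypothetical helper: allowlist applied on the server before the text is sent to the client. */
public final class EditorHtmlSanitizer {

    // Assumed allowlist: basic formatting plus <a href> restricted to http/https.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowCommonInlineFormattingElements()   // b, i, u, em, strong, span, br, ...
            .allowCommonBlockElements()              // p, div, h1-h6, ul, ol, li, blockquote
            .allowElements("a")
            .allowAttributes("href").onElements("a")
            .allowUrlProtocols("http", "https")      // any other URL scheme is dropped
            .requireRelNofollowOnLinks()
            .toFactory();

    private EditorHtmlSanitizer() {}

    /** Returns the markup reduced to the allowlist; null is treated as empty text. */
    public static String sanitize(String untrustedHtml) {
        return untrustedHtml == null ? "" : POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain link, a script-scheme link,
        // and markup carrying an event handler and a script element.
        String[] samples = {
            "<a href=\"http://www.google.ch\">Google</a>",
            "<a href=\"javascript:alert(1)\">x</a>",
            "<p onclick=\"x()\">text<script>alert(1)</script></p>"
        };
        for (String s : samples) {
            System.out.println(sanitize(s));
        }
    }
}
```

With the control's built-in sanitizing switched off, every value bound to the editor has to pass through `sanitize` on the server, including text loaded from storage that was saved before the rule existed.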
16/08/2018 10:45:20
|
levy
Power User
Joined: 12/03/2008 16:38:22
Messages: 308
Location: XpertCenter
Offline
|
Hi Björn
What about t:textwithlinks (RISC)?
In this case, the hyperlink is kept although avoidsanitizing=false.
Is the attribute "avoidsanitizing" effective for t:textwithlinks?
If effective, how?
Regards, Daniel
|
|
|
|