[Logo] Enterprise Client Community
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register /  [Login] Login 
SIMPLEHTMLEDITOR sanitizes href  XML
Forum Index -> Development
Author Message
[Post New]27/07/2018 13:37:32
    Subject: SIMPLEHTMLEDITOR sanitizes href
[Up]
levy

Power User

Joined: 12/03/2008 16:38:22
Messages: 308
Location: XpertCenter
Offline
Hi Björn

It is well known that since update 20180522, the HTML sent to the SIMPLEHTMLEDITOR is sanitized (by default).

Now I have traced that a simple <a href="http://www.google.ch"> is removed (only) when avoidsanitizing=false.

It is quite heavy to do without sanitizing only because of this.

What do you think about?

Regards, Daniel
[WWW]
[Post New]27/07/2018 14:01:30
    Subject: Re:SIMPLEHTMLEDITOR sanitizes href
[Up]
CaptainCasa

Power User
[Avatar]

Joined: 21/11/2007 12:23:06
Messages: 5519
Offline
Well, sanitizing algorithms are and have to be rigid. - There is not intention on my side to change some trusted algorithm (coming from Google) which is used internally, otherwise we are made guilty for violations..

If this is too rigid, then switch sanitizing off (via control attribute) and apply own rules for sanitizing on server side (check/update the text before it is sent to the client).

Regards, Björn
Björn Müller, CaptainCasa GmbH
[Post New]16/08/2018 10:45:20
    Subject: Re:SIMPLEHTMLEDITOR sanitizes href
[Up]
levy

Power User

Joined: 12/03/2008 16:38:22
Messages: 308
Location: XpertCenter
Offline
Hi Björn

What about t:textwithlinks (RISC)?
In this case, the hyperlink is kept although avoidsanitizing=false.
Is the attribute "avoidsanitizing" effective for t:textwithlinks?
If effective, how?

Regards, Daniel
[WWW]
 
Forum Index -> Development
Go to:   
Powered by JForum 2.1.6 © JForum Team