  1. Nuxeo Platform
  2. NXP-29119

HTML Sanitizer misses some tags

    Details

    • Type: Question
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.10-HF26
    • Fix Version/s: 11.1, 2021.0
    • Component/s: Comments

      Description

      Given the following contrib:

      <!-- Customer wants to remove all HTML from Comments -->
      <require>org.nuxeo.ecm.platform.htmlsanitizer.config</require>
      <extension target="org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerService" point="antisamy">
        <antisamy policy="my-antisamy-nuxeo-policy.xml" />
      </extension>
      

      And in my-antisamy-nuxeo-policy.xml:

      <?xml version="1.0"?>
      <anti-samy-rules>
      </anti-samy-rules>
      

      Then test the Comments feature on a Document:

      1) What I typed:

      This is a comment with <b>bold</b>

      What is displayed (I'm including the span tag for clarity, see next example):

       

      <span>This is a comment with bold</span>
      

      2) What I typed:

      This is <a href="https://www.nuxeo.com/">a link</a>

      What is displayed:

      <span>This is <a>a link</a></span>

       

      So the anchor tag was not stripped. There may be others. This was not a comprehensive test but we should do one.
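
An added example, not part of the original report and not Nuxeo code: a small black-box check for the "remove all HTML" expectation, run over the two typed/displayed pairs reported above. It assumes the `<span>` is the comment UI's own wrapper, as the report suggests; the names `surviving_markup`, `audit` and `REPORTED` are illustrative.

```python
from html.parser import HTMLParser

# Assumption: <span> is added by the comment UI itself, not by the user.
WRAPPER_TAGS = {"span"}


class TagCollector(HTMLParser):
    """Records every element, attribute and text run in rendered comment HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.attrs, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend((tag, name) for name, _ in attrs)

    def handle_data(self, data):
        self.text.append(data)


def surviving_markup(rendered):
    """Return (tags, attrs, text) found in the HTML, ignoring the UI wrapper."""
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    tags = sorted({t for t in collector.tags if t not in WRAPPER_TAGS})
    attrs = sorted({(t, a) for t, a in collector.attrs if t not in WRAPPER_TAGS})
    return tags, attrs, "".join(collector.text)


def audit(cases):
    """Flag every (typed, displayed) pair where markup survived or text was lost."""
    findings = []
    for typed, displayed in cases:
        tags, attrs, text = surviving_markup(displayed)
        text_ok = text == surviving_markup(typed)[2]
        if tags or attrs or not text_ok:
            findings.append({"typed": typed, "tags": tags,
                             "attrs": attrs, "text_preserved": text_ok})
    return findings


# The two observations from the report: (what was typed, what was displayed).
REPORTED = [
    ("This is a comment with <b>bold</b>",
     "<span>This is a comment with bold</span>"),
    ('This is <a href="https://www.nuxeo.com/">a link</a>',
     "<span>This is <a>a link</a></span>"),
]

if __name__ == "__main__":
    for finding in audit(REPORTED):
        print(finding)
```

Adding one pair per element of interest to `REPORTED` extends this toward the broader test the report asks for.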
