Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent stripping of Script and Style Tags in Froala #6148

Closed
wants to merge 1 commit into from

Conversation

@inkovic
Copy link

inkovic commented May 31, 2018

htmlAllowedTags and htmlRemoveTags were contradicting each other, and script tags were being stripped within the Froala Editor. This issue has been tackled before but keep rearing its ugly head. Making the htmlRemoveTags array an empty array will fix this issue.
Ref: 70c8f37

Please be sure you are submitting this against the staging branch.

Q A
Bug fix? Y
New feature?
Automated tests included? N
Related user documentation PR URL
Related developer documentation PR URL
Issues addressed (#s or URLs)
BC breaks?
Deprecations?

Description:

Steps to reproduce the bug:

  1. Add a <script> tag within the Froala WYSIWYG in Code View
  2. Gets stripped on refresh.

Steps to test this PR:

List deprecations along with the new alternative:

List backwards compatibility breaks:

htmlAllowedTags and htmlRemoveTags were contradicting each other, and `script` tags were being stripped within the Froala Editor. This issue has been tackled before but keep rearing its ugly head. Making the htmlRemoveTags array an empty array will fix this issue.
Ref: 70c8f37
@heathdutton

This comment has been minimized.

Copy link
Member

heathdutton commented Jun 1, 2018

Instead of hacking the froala core file can't we add htmlRemoveTags: [], after the line here:

htmlAllowedTags: ['a', 'abbr', 'address', 'area', 'article', 'aside', 'audio', 'b', 'base', 'bdi', 'bdo', 'blockquote', 'br', 'button', 'canvas', 'caption', 'cite', 'code', 'col', 'colgroup', 'datalist', 'dd', 'del', 'details', 'dfn', 'dialog', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'header', 'hgroup', 'hr', 'i', 'iframe', 'img', 'input', 'ins', 'kbd', 'keygen', 'label', 'legend', 'li', 'link', 'main', 'map', 'mark', 'menu', 'menuitem', 'meter', 'nav', 'noscript', 'object', 'ol', 'optgroup', 'option', 'output', 'p', 'param', 'pre', 'progress', 'queue', 'rp', 'rt', 'ruby', 's', 'samp', 'script', 'style', 'section', 'select', 'small', 'source', 'span', 'strike', 'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'time', 'title', 'tr', 'track', 'u', 'ul', 'var', 'video', 'wbr', 'center'],

@npracht npracht added this to the 2.14.2 milestone Sep 5, 2018
@npracht

This comment has been minimized.

Copy link
Member

npracht commented Oct 2, 2018

Hi @inkovic would you consider exploring Heath suggestion?

@escopecz escopecz added this to Pending Feedback in Testing 2.14.2 Oct 2, 2018
@escopecz escopecz removed this from the 2.14.2 milestone Oct 12, 2018
@escopecz escopecz removed this from Pending Feedback in Testing 2.14.2 Oct 12, 2018
@npracht npracht added this to the 2.15.1 milestone Nov 13, 2018
@heathdutton heathdutton added this to Code Review (2 required) in Mautic 2 Dec 6, 2018
@npracht npracht moved this from Code Review (2 required) to Changes Requested / Review in Mautic 2 Jan 3, 2019
@alanhartless alanhartless added this to Needs Testing in 2.15.1 Jan 14, 2019
@alanhartless alanhartless moved this from Needs Testing to Discussion in 2.15.1 Jan 15, 2019
@alanhartless alanhartless removed this from Discussion in 2.15.1 Mar 11, 2019
@alanhartless alanhartless removed this from the 2.15.1 milestone Mar 11, 2019
@npracht

This comment has been minimized.

Copy link
Member

npracht commented Apr 5, 2019

Hi @heathdutton would you carry the end of this PR ? Otherwise we close it, it seems the creator won't modify it anymore.
Thanks !

@RCheesley

This comment has been minimized.

Copy link
Member

RCheesley commented Mar 9, 2020

@heathdutton if this is still an issue do you think you could pick this up and we could get it into 2.16.1?

@RCheesley RCheesley added this to the 2.16.1 milestone Mar 9, 2020
@npracht npracht added this to Backlog in Mautic 2 Mar 10, 2020
heathdutton added a commit to heathdutton/mautic that referenced this pull request Mar 11, 2020
@heathdutton

This comment has been minimized.

Copy link
Member

heathdutton commented Mar 11, 2020

@heathdutton if this is still an issue do you think you could pick this up and we could get it into 2.16.1?

It's a preference, but I can see how it'd be frustrating for someone. I remade the PR as #8556 to do it without modifying the Froala lib file.

Mautic 2 automation moved this from Backlog to Merged Mar 11, 2020
@mautibot

This comment has been minimized.

Copy link

mautibot commented Mar 20, 2020

This pull request has been mentioned on Mautic Community Forums. There might be relevant details there:

https://forum.mautic.org/t/announcing-mautic-2-16-1-beta/13438/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Mautic 2
  
Merged
Linked issues

Successfully merging this pull request may close these issues.

None yet

7 participants
You can’t perform that action at this time.