[CMS-15631] HTML Cleaning Stripping <style> Tags - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: High
Resolution: Fixed
Affects Version/s: 13.4.24, 14.7.15, 15.3.0, 15.4.0
Fix Version/s: 15.5.0, 16.0.0
Component/s: None
Labels:
- ps-brxm

Story Points:
4
Flagged:

Flagged
Processed by team:
Orion
Sprint:
Orion Cycle Gap, Orion.Cycle1.Sprint1
Effort:
Undetermined

Description

Reproduction

Create a new Document Type and add the Rich Text Editor field group
Set the htmlprocessor to `no-filter` and add { allowedContent: true } to the ckeditor.config.overlayed.json (documentation here).
Create a new document using the newly created Document Type.
Enter the below code snippet as the content
Upon saving, the `<style>` tag gets stripped out

<style>
.heading { color: red }
</style>
<h1 class="heading">Heading</h1>

Cause
Third party HTML cleaner was bumped to 2.29 per CMS-15420 in 13.4.24, 14.7.15, 15.3.0.

See https://htmlcleaner.sourceforge.net/release.php

April. 29, 2023{_}: HtmlCleaner release 2.28

229 style-tag should not be allowed in body in HTML5

Solution proposed by mmilicevic

import org.htmlcleaner.*;
public class BloomreachHtmlProvider extends Html5TagProvider {
public static final BloomreachHtmlProvider INSTANCE = new BloomreachHtmlProvider();
public BloomreachHtmlProvider()
{ final TagInfo tagInfo = new TagInfo("style", ContentType.text, BelongsTo.HEAD_AND_BODY, false, false, false, CloseTag.required, Display.none); this.put("style", tagInfo); }
}
// org.onehippo.cms7.services.htmlprocessor.HtmlProcessorImpl fork:
parser = new HtmlCleaner(BloomreachHtmlProvider.INSTANCE, properties);

Attachments

Activity

People

Assignee:: Shikha Mudgal

Reporter:: Sami Kuzey

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Oct/23 12:15 PM

Updated:: 26/Jan/24 12:15 PM

Resolved:: 17/Jan/24 11:14 AM

Details

Description

Attachments

Activity

People

Dates

related-pages-webpanel