TYPO3 Core

The CKeditor does not properly remove the Tags defined in

EXT:rte_ckeditor/Configuration/RTE/Processing.yaml

processing:

  ## CONTENT TO DATABASE
  HTMLparser_db:

    ## REMOVE OPEN OFFICE META DATA TAGS, WORD 2003 TAGS, LINK, META, STYLE AND TITLE TAGS, AND DEPRECATED HTML TAGS
    ## We use this rule instead of the denyTags rule so that we can protect custom tags without protecting these unwanted tags.
    removeTags: [center, font, link, meta, o:p, sdfield, strike, style, title, u]

I have testet it in a plain TYPO3 installation with only the bootstrap package added.

When i add this test source n the RTE

<p>
    <sdfield>sdfield</sdfield>
    <font>font</font>
</p>
<center>center</center>
<o:p>o:p</o:p>

and save it, i get this result:

<p>
    &lt;sdfield&gt;sdfield&lt;/sdfield&gt;&nbsp;<font>font</font>
</p>
<p>
    center
</p>
<p>
    &lt;o:p&gt;o:p&lt;/o:p&gt;
</p>

The <center>-Tag as removed as expected, the <o:p>-Tag and the <sdfield>-Tag is converted to htmlspecialchars and the <font>-Tag is not changed at all.

In TYPO3 version 12.4.6 it all works as expected.

We find out, that the in the file

EXT:rte_ckeditor/Configuration/RTE/Editor/Base.yaml

the following part seems to cause this:

    htmlSupport:
      allow:
        # Allow any class or any data attribute in any (configured) tag
        - { classes: true, attributes: { pattern: 'data-.+' } }

If i remove this, the Tags are all removed properly. But then no classes in no Tags are allowed and so no Style is persistent.

If i change this line and add a tag-name it also works as expected but classes then are only allowed for this tag only.

    htmlSupport:
      allow:
        # Allow any class or any data attribute in any (configured) tag
        - { name: 'div', classes: true, attributes: { pattern: 'data-.+' } }