Bug #94804

Bug #94787: Tracking issue related to HTML sanitization issues

Handle deprecated/legacy HTML markup

Added by Oliver Hader 2 months ago. Updated 12 days ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Security
Target version:
-
Start date:
2021-08-11
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

→ upstream handling: https://github.com/TYPO3/html-sanitizer/issues/18

Deprecated/legacy HTML5 markup directly produced by CKEditor shall be handled correctly in HTML sanitizer. Examples:

(reported by Christian Toffolo in #94787 and exctracted to this issue)


<table align="left" border="2" cellpadding="10" cellspacing="10" style="width:100%">

transformed to

<table style="width:100%">

#1

Updated by Oliver Hader 2 months ago

  • Description updated (diff)
#2

Updated by Oliver Hader 2 months ago

For <table> attributes (extracted from debug logging)

  • Found invalid attribute table.summary - {"behavior":"default","nodeName":"table","attrName":"summary"}
  • Found invalid attribute table.cellspacing - {"behavior":"default","nodeName":"table","attrName":"cellspacing"}
  • Found invalid attribute table.cellpadding - {"behavior":"default","nodeName":"table","attrName":"cellpadding"}
  • Found invalid attribute table.border - {"behavior":"default","nodeName":"table","attrName":"border"}
  • Found invalid attribute table.align - {"behavior":"default","nodeName":"table","attrName":"align"}

→ for <table> scope: https://github.com/TYPO3/html-sanitizer/pull/19

#3

Updated by Oliver Hader 2 months ago

  • Status changed from New to Accepted
#4

Updated by Oliver Hader 2 months ago

  • Description updated (diff)
#5

Updated by Oliver Hader 2 months ago

  • Status changed from Accepted to In Progress
#7

Updated by Benni Mack 12 days ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF