New HTML Sanitization problem in RichTextArea - Platform version 7.2.7

Can you please take a look at the RichTextArea component in platform version 7.2.7? There I noticed the behavior of an old bug.

The bug “HTML Sanitization breaks RichTextArea formatting on text with empty lines #2780” is still active in platform version 7.2.7.

Regards,
Mark

Hello, @Mark.Lembeck!

Unfortunately, I could not reproduce the above problem on platform version 7.2.7. Could you share a test project in which this case is reproduced?

Regards,
Gleb

Enclosed you can find a simple test project.
Regards,
Mark

Here is the project: testproject.zip (412.9 KB)

In this project I deleted the content of the deployment folder. The content was too big for the upload.

Hello @Mark.Lembeck!

You have some HTML tags that HtmlSanitizer does not know and therefore removes them.

  • The original HTML (HtmlSanitizer disabled):
<pre class="CodeRay highlight"><code data-lang="xml"><span class="tag">&lt;data&gt;</span>
    <span class="tag">&lt;instance</span> <span class="attribute-name">id</span>=<span class="string"><span class="delimiter">"</span><span class="content">customerDc</span><span class="delimiter">"</span></span> <span class="attribute-name">class</span>=<span class="string"><span class="delimiter">"</span><span class="content">com.company.sample.entity.Customer</span><span class="delimiter">"</span></span> <span class="attribute-name">view</span>=<span class="string"><span class="delimiter">"</span><span class="content">_local</span><span class="delimiter">"</span></span><span class="tag">&gt;</span>
        <span class="tag">&lt;loader</span><span class="tag">/&gt;</span>
    <span class="tag">&lt;/instance&gt;</span>
<span class="tag">&lt;/data&gt;</span></code></pre>


  • HtmlSanitizer enabled:
<code><span class="tag">&lt;data&gt;</span>
    <span class="tag">&lt;instance</span> <span class="attribute-name">id</span>=<span class="string"><span class="delimiter">"</span><span class="content">customerDc</span><span class="delimiter">"</span></span> <span class="attribute-name">class</span>=<span class="string"><span class="delimiter">"</span><span class="content">com.company.sample.entity.Customer</span><span class="delimiter">"</span></span> <span class="attribute-name">view</span>=<span class="string"><span class="delimiter">"</span><span class="content">_local</span><span class="delimiter">"</span></span><span class="tag">&gt;</span>
        <span class="tag">&lt;loader</span><span class="tag">/&gt;</span>
    <span class="tag">&lt;/instance&gt;</span>
<span class="tag">&lt;/data&gt;</span></code>


The HtmlSanitizer removed the <pre/> tag and the data-lang attribute of the <code/> tag. We have an issue for adding new tags to HtmlSanitizer: Add new html tags for HtmlSanitizer · Issue #2803 · cuba-platform/cuba · GitHub.

As a workaround, you can override the HtmlSanitizer and add the required tags to your project.

  1. Create a CustomHtmlSanitizer class and override the initDefaultPolicyFactory method:
package com.company.testproject.web.sanitizer;

import com.haulmont.cuba.web.sys.sanitizer.HtmlSanitizer;
import org.owasp.html.AttributePolicy;
import org.owasp.html.CssSchema;
import org.owasp.html.ElementPolicy;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.Sanitizers;

import static com.haulmont.cuba.gui.components.HtmlAttributes.CSS.FONT;

/**
 * Replaces the platform HtmlSanitizer with one whose whitelist also allows
 * the <pre/> element and the data-lang attribute on <code/>. Everything not
 * listed in the policy below is still stripped by the OWASP sanitizer.
 */
public class CustomHtmlSanitizer extends HtmlSanitizer {
    @Override
    protected void initDefaultPolicyFactory() {
        // Builds the stock policy first; it is replaced by the extended one below.
        super.initDefaultPolicyFactory();

        policyFactory = new HtmlPolicyBuilder()
                .allowCommonInlineFormattingElements()
                .allowAttributes(FONT_COLOR_ATTRIBUTE_NAME).matching(FONT_COLOR_PATTERN).onElements(FONT)
                .allowAttributes(FONT_FACE_ATTRIBUTE_NAME).matching(FONT_FACE_PATTERN).onElements(FONT)
                .allowAttributes(FONT_SIZE_ATTRIBUTE_NAME).matching(FONT_SIZE_PATTERN).onElements(FONT)
                .allowAttributes(CLASS_ATTRIBUTE_NAME).matching(CLASS_PATTERN).globally()
                .allowStandardUrlProtocols().allowElements(A_ELEMENT_NAME)
                .allowAttributes(HREF_ATTRIBUTE_NAME).onElements(A_ELEMENT_NAME).requireRelNofollowOnLinks()
                .allowAttributes(TARGET_ATTRIBUTE_NAME).matching(true, TARGET_ATTRIBUTE_VALUES)
                .onElements(A_ELEMENT_NAME).requireRelsOnLinks(NOOPENNER_REL_VALUE, NOREFERRER_REL_VALUE)
                // <pre/> element: the identity policy keeps the element as-is
                .allowElements(ElementPolicy.IDENTITY_ELEMENT_POLICY, "pre")
                // data-lang attribute on <code/>: the identity policy accepts any value
                // (the sanitizer still escapes it on output); use .matching(Pattern)
                // instead if client-side scripts act on this attribute
                .allowAttributes("data-lang").matching(AttributePolicy.IDENTITY_ATTRIBUTE_POLICY)
                .onElements("code")
                .allowStyling(CssSchema.withProperties(DEFAULT_WHITELIST))
                .allowStyling(CssSchema.withProperties(getAdditionalStylePolicies()))
                .toFactory()
                .and(Sanitizers.FORMATTING)
                .and(Sanitizers.BLOCKS)
                .and(Sanitizers.IMAGES)
                .and(Sanitizers.STYLES)
                .and(Sanitizers.TABLES);
    }
}
  2. Register CustomHtmlSanitizer in the web-spring.xml file under the platform bean id, so that it overrides the platform bean:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:gui="http://schemas.haulmont.com/cuba/spring/cuba-gui.xsd"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://schemas.haulmont.com/cuba/spring/cuba-gui.xsd http://schemas.haulmont.com/cuba/spring/cuba-gui.xsd">

    <!-- Annotation-based beans -->
    <context:component-scan base-package="com.company.testproject"/>

    <gui:screens base-packages="com.company.testproject.web"/>

    <!-- Same id as the platform bean (HtmlSanitizer.NAME), so this definition replaces it -->
    <bean id="cuba_HtmlSanitizer" class="com.company.testproject.web.sanitizer.CustomHtmlSanitizer"/>

</beans>

Regards,
Gleb
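To see concretely what the whitelist does with the pasted snippet, here is a stand-alone example (added here; it is not CUBA's code and not part of the original thread) built directly on the OWASP java-html-sanitizer library that CUBA's HtmlSanitizer wraps. The "base" policy is an approximation of the stock one (inline formatting, class globally, common block elements; CLASS_PATTERN is assumed, not CUBA's), the "workaround" policy mirrors the identity policies from the post above, and a third "constrained" policy is an added suggestion: it keeps data-lang only when the value looks like a language id, which matters because an identity attribute policy accepts any value and a client-side highlighter may read it. PASTED and HOSTILE are constructed samples.

```java
import java.util.regex.Pattern;

import org.owasp.html.AttributePolicy;
import org.owasp.html.ElementPolicy;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

/**
 * Demo (not CUBA code): why <pre> and data-lang vanish under a whitelist policy
 * and what allowing them costs. Needs org.owasp.html:java-html-sanitizer on the classpath.
 */
public class PreCodePolicyDemo {

    // Constructed sample: one line of the CodeRay-highlighted snippet from the thread.
    static final String PASTED =
            "<pre class=\"CodeRay highlight\"><code data-lang=\"xml\">"
            + "<span class=\"tag\">&lt;data&gt;</span></code></pre>";

    // Constructed hostile sample: same shape, carrying an event handler, an
    // attribute-breakout attempt inside data-lang, and a script element.
    static final String HOSTILE =
            "<pre onmouseover=\"alert(1)\">"
            + "<code data-lang=\"xml&quot; onclick=&quot;alert(1)\">x</code></pre>"
            + "<script>alert(2)</script>";

    // Assumed class-name whitelist (CUBA has its own pattern; this is an approximation).
    static final Pattern CLASS_PATTERN = Pattern.compile("[a-zA-Z0-9\\s,\\-_]+");
    // Added suggestion: a highlighter language id, nothing else.
    static final Pattern LANG_PATTERN = Pattern.compile("[a-z0-9_+.-]{1,32}");

    /** Approximation of the stock policy: inline formatting + class + common blocks. */
    static PolicyFactory basePolicy() {
        return new HtmlPolicyBuilder()
                .allowCommonInlineFormattingElements()      // b, i, span, code, ...
                .allowAttributes("class").matching(CLASS_PATTERN).globally()
                .toFactory()
                .and(Sanitizers.BLOCKS);                    // p, div, h1..h6, ul, ol, li, blockquote
    }

    /** The thread's workaround: identity policies for <pre> and for data-lang on <code>. */
    static PolicyFactory workaroundPolicy() {
        return new HtmlPolicyBuilder()
                .allowCommonInlineFormattingElements()
                .allowAttributes("class").matching(CLASS_PATTERN).globally()
                .allowElements(ElementPolicy.IDENTITY_ELEMENT_POLICY, "pre")
                .allowAttributes("data-lang").matching(AttributePolicy.IDENTITY_ATTRIBUTE_POLICY)
                .onElements("code")
                .toFactory()
                .and(Sanitizers.BLOCKS);
    }

    /** Same, but data-lang must match LANG_PATTERN; any other value is dropped. */
    static PolicyFactory constrainedPolicy() {
        return new HtmlPolicyBuilder()
                .allowCommonInlineFormattingElements()
                .allowAttributes("class").matching(CLASS_PATTERN).globally()
                .allowElements("pre")                       // plain allow == identity element policy
                .allowAttributes("data-lang").matching(LANG_PATTERN).onElements("code")
                .toFactory()
                .and(Sanitizers.BLOCKS);
    }

    /** True when the policy preserves both the <pre> element and a data-lang attribute. */
    static boolean keepsPreAndLang(PolicyFactory policy, String html) {
        String out = policy.sanitize(html);
        return out.contains("<pre") && out.contains("data-lang=");
    }

    /** True when no live event-handler attribute or script element survived. */
    static boolean noActiveContent(String sanitized) {
        // The sanitizer emits attributes double-quoted and encodes '"' inside values,
        // so a literal onclick=" in the output can only be a real attribute.
        return !sanitized.contains("onclick=\"")
                && !sanitized.contains("onmouseover=\"")
                && !sanitized.contains("<script");
    }

    public static void main(String[] args) {
        PolicyFactory[] policies = { basePolicy(), workaroundPolicy(), constrainedPolicy() };
        String[] names = { "base", "workaround", "constrained" };
        for (int i = 0; i < policies.length; i++) {
            String hostile = policies[i].sanitize(HOSTILE);
            System.out.println("== " + names[i] + " ==");
            System.out.println("pasted : " + policies[i].sanitize(PASTED));
            System.out.println("hostile: " + hostile);
            System.out.println("keeps pre/data-lang: " + keepsPreAndLang(policies[i], PASTED)
                    + ", no active content: " + noActiveContent(hostile));
        }
    }
}
```

Run it with java-html-sanitizer on the classpath and compare the three outputs. The base policy drops <pre> and data-lang, which is exactly the symptom in the screenshots; the workaround policy keeps both; in every case the event handlers and the script element are removed by the whitelist, because allowing one element or attribute never widens what is allowed elsewhere. The difference between the last two policies is only how much of the data-lang value you trust: the identity policy passes anything through (escaped, so it cannot break out of the attribute, but visible to any script that reads it), while the pattern policy rejects values that are not a plain language id.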

Ok, understood.

In the past it was possible to paste any html content into the richTextArea component. After pasting the content to the component it was also possible to change the format of the content. Now it is only possible if I disable the HtmlSanitizer or if I implement a CustomHtmlSanitizer. Correct?

Regards,
Mark

Hello, @Mark.Lembeck!

If you disable HtmlSanitizer using the RichTextArea#htmlSanitizerEnabled(false) method, then there is no need to implement a CustomHtmlSanitizer class, since the value in the component will not be sanitized and will be presented unchanged. Also, you can achieve the same result by setting the htmlSanitizerEnabled attribute to false in the XML descriptor.

If you want to keep the sanitization mechanism for the component, then you need to implement the CustomHtmlSanitizer class.

Regards,
Gleb

Ok, thank you for this explanation and your support.

Regards,
Mark