infor-design / enterprise-ng

Angular wrappers for IDS Enterprise components
Apache License 2.0

Rich Text Editor: javascript is executed when pasted into the field #1462

Open madebyannalam opened 1 year ago

madebyannalam commented 1 year ago

Describe the bug
When content containing executable javascript is pasted into a rich text field, that javascript will be executed. Doesn't happen when the same value is typed.

To Reproduce
Steps to reproduce the behavior:

  1. In a rich text field that will allow copy and paste, paste in the following code: image

  2. An alert should pop up

Expected behavior
The pasted content should be treated in the same manner as when it's being typed out.

Version

Screenshots screenshot-1

Platform

Additional context N/A
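The report above describes the classic paste-time XSS gap: the editor escapes keystrokes but inserts the clipboard's text/html flavour raw, so an element carrying an event-handler attribute fires on insertion. The example below is added here for illustration and is not code from enterprise-ng or IDS Enterprise. It shows the two defensive options a paste handler has: sanitize the HTML flavour against an allow-list (the tag and attribute lists are assumptions chosen for this example), or do exactly what the reporter expects and insert the text/plain flavour as escaped text. The tokenizer is deliberately fail-safe: anything it cannot parse as a tag is emitted as escaped text, and unknown tags, all `on*` attributes, `style`, `src` and non-http(s)/mailto `href` values are dropped.

```javascript
// Added example, not enterprise-ng project code. Allow-list sanitizer for the
// text/html clipboard flavour plus a plain-text path that mirrors typing.
// Allow-list below is an assumption for this example, not the editor's real list.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol', 'li', 'a']);
const ALLOWED_ATTRS = { a: new Set(['href']) };
const SAFE_URL = /^(?:https?:|mailto:)/i;           // rejects javascript: and data: URLs

// Full escape for text that was never HTML (the text/plain clipboard flavour).
function escapeHtml(text) {
  return text.replace(/&/g, '&amp;').replace(/</g, '&lt;')
             .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Escape for text nodes taken out of HTML: keeps well-formed entities such as
// &amp; intact so existing content is not double-escaped.
function escapeTextNode(text) {
  return text.replace(/&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#\d+|#x[0-9a-fA-F]+);)/g, '&amp;')
             .replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Attribute parser: name, optionally = "quoted" | 'quoted' | bare value.
function parseAttrs(s) {
  const attrs = {};
  const re = /([^\s=\/"'<>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(s)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Minimal tokenizer: text, open tags, close tags. Comments are dropped and any
// malformed or unterminated "<" sequence is demoted to text (fail-safe).
function tokenize(html) {
  const tokens = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') {
      const next = html.indexOf('<', i);
      const end = next === -1 ? html.length : next;
      tokens.push({ type: 'text', value: html.slice(i, end) });
      i = end;
      continue;
    }
    if (html.startsWith('<!--', i)) {
      const end = html.indexOf('-->', i + 4);
      i = end === -1 ? html.length : end + 3;
      continue;
    }
    const close = html.indexOf('>', i);
    if (close === -1) { tokens.push({ type: 'text', value: html.slice(i) }); break; }
    const raw = html.slice(i + 1, close);
    i = close + 1;
    const m = /^(\/?)\s*([a-zA-Z][a-zA-Z0-9]*)([\s\S]*)$/.exec(raw);
    if (!m) { tokens.push({ type: 'text', value: '<' + raw + '>' }); continue; }
    tokens.push({ type: m[1] ? 'close' : 'open', name: m[2].toLowerCase(), attrs: parseAttrs(m[3]) });
  }
  return tokens;
}

// Rebuilds HTML from the allow-list only; everything else is dropped or escaped.
function sanitizePastedHtml(html) {
  const out = [];
  const open = [];          // stack of emitted tags so output is always balanced
  let skipUntil = null;     // while set, we are inside <script>/<style> raw text
  for (const tok of tokenize(html)) {
    if (skipUntil) {
      if (tok.type === 'close' && tok.name === skipUntil) skipUntil = null;
      continue;
    }
    if (tok.type === 'text') { out.push(escapeTextNode(tok.value)); continue; }
    if (tok.type === 'open' && (tok.name === 'script' || tok.name === 'style')) {
      skipUntil = tok.name;   // drop the element and its raw text content
      continue;
    }
    if (!ALLOWED_TAGS.has(tok.name)) continue;   // e.g. <img onerror=...> vanishes
    if (tok.type === 'close') {
      if (open.includes(tok.name)) {
        let n;
        do { n = open.pop(); out.push(`</${n}>`); } while (n !== tok.name);
      }
      continue;
    }
    const allowed = ALLOWED_ATTRS[tok.name] || new Set();
    let attrText = '';
    for (const [k, v] of Object.entries(tok.attrs)) {
      if (!allowed.has(k)) continue;                              // drops on*, style, src, ...
      if (k === 'href' && !SAFE_URL.test(v.trim())) continue;     // drops javascript: links
      attrText += ` ${k}="${escapeHtml(v)}"`;
    }
    if (tok.name === 'br') { out.push('<br>'); continue; }        // void element, never opened
    out.push(`<${tok.name}${attrText}>`);
    open.push(tok.name);
  }
  while (open.length) out.push(`</${open.pop()}>`);
  return out.join('');
}

// The reporter's expected behaviour: treat the paste as if it had been typed.
// Feed this the text/plain clipboard flavour; markup arrives as visible text.
function plainTextToHtml(text) {
  return escapeHtml(text).split('\n').join('<br>');
}

module.exports = { sanitizePastedHtml, plainTextToHtml, escapeHtml };
```

In a browser the handler would call `e.preventDefault()` in the `paste` event, read `e.clipboardData.getData('text/html')` or `getData('text/plain')`, and insert the result of the matching function. A production editor should reach for a maintained sanitizer (DOMPurify, or the browser's DOMParser with an allow-list walk) rather than this hand-rolled tokenizer; the point here is that the clipboard flavour must pass through the same policy as typed input before it touches `innerHTML`.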

tmcconechy commented 1 year ago

I can't reproduce this anymore on https://main-enterprise.demo.design.infor.com/components/editor/example-index.html when I paste <img src=x onerror=alert(document.domain)>, if that's correct.

Try updating to the latest as I suspect it is fixed by https://github.com/infor-design/enterprise/issues/6892

github-actions[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contribution.