plone / Products.CMFPlone

The core of the Plone content management system
https://plone.org
GNU General Public License v2.0

TinyMCE not honoring HTML Filtering Settings #1713

Open hvelarde opened 8 years ago

hvelarde commented 8 years ago

Brand new Plone 5.0.5 instance; go to Site Setup -> HTML Filtering Settings and remove script from the list of Nasty tags.

Go to a page and edit it, adding some content with such a tag:

<blockquote class="twitter-tweet" data-lang="pt"><p lang="en" dir="ltr">Michel Temer now being mocked globally not only for attacking democracy but also cowardice <a href="https://t.co/AheHiR1hYj">https://t.co/AheHiR1hYj</a> <a href="https://t.co/AIoePfg1NH">pic.twitter.com/AIoePfg1NH</a></p>&mdash; Glenn Greenwald (@ggreenwald) <a href="https://twitter.com/ggreenwald/status/763012536631431168">9 de agosto de 2016</a></blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>

Save it: the script tag is filtered anyway.

hvelarde commented 8 years ago

Using "Disable html filtering" does not work either.

sneridagh commented 7 years ago

I can confirm that adding offending attributes does not work either. It seems that the whole safe_html transform is not working at all for Plone 5.0.6.

tisto commented 7 years ago

When I moved the control panel to z3c.form I wrote acceptance tests for the filters:

https://github.com/plone/Products.CMFPlone/blob/master/Products/CMFPlone/tests/robot/test_controlpanel_filter.robot

FYI: The transforms were broken before my PLIP (I wrote the test before the implementation). So at least we have a pretty good idea of what is currently broken.

sneridagh commented 7 years ago

@plone/framework-team It seems to me that this issue should have the highest priority... not the current low.

tisto commented 7 years ago

Bottom line is that the implementation of safe_html is just broken by design. We are using regular expressions to parse HTML. We started to work on https://github.com/collective/experimental.safe_html_transform to solve the problem properly, but we never reached a stable point.
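As an added illustration of the point above (example code, not Plone's safe_html and not from this thread): an allowlist filter built on the standard library's html.parser tokenizer rather than regular expressions, with constructed settings that mimic the control panel's categories (nasty tags dropped with their content, other non-allowlisted tags stripped but their text kept, attributes allowlisted and href/src checked for an unexpected scheme). Fed the tweet embed from the report, it drops the script while script is a nasty tag and keeps it once script is removed from that list and allowlisted instead; the setting names are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Constructed settings mirroring Plone's HTML Filtering categories (assumed
# names): nasty tags vanish with their content, non-allowlisted tags lose
# only the tag and keep their text, non-allowlisted attributes are dropped.
NASTY_TAGS = {"script", "object", "embed", "applet", "style", "meta"}
ALLOWED_TAGS = {"p", "a", "blockquote", "b", "i", "em", "strong", "br"}
ALLOWED_ATTRS = {"href", "src", "class", "lang", "dir"}

def _safe_url(value):
    v = value.strip().lower()  # reject href/src values with an unexpected scheme
    return v.startswith(("http://", "https://", "mailto:", "/", "#")) or ":" not in v

class SafeHtml(HTMLParser):
    def __init__(self, nasty, allowed, attrs):
        super().__init__()            # convert_charrefs=True: &mdash; arrives as text
        self.nasty, self.allowed, self.attrs = nasty, allowed, attrs
        self.out, self.skip = [], 0   # skip > 0 while inside a nasty element

    def handle_starttag(self, tag, attrs):
        if tag in self.nasty:
            self.skip += 1
        elif not self.skip and tag in self.allowed:
            kept = []
            for name, value in attrs:
                value = value or ""   # boolean attributes such as "async"
                if name in self.attrs and (name not in ("href", "src") or _safe_url(value)):
                    kept.append(f'{name}="{escape(value, quote=True)}"')
            self.out.append("<" + " ".join([tag, *kept]) + ">")

    def handle_endtag(self, tag):
        if tag in self.nasty:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.allowed:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def safe_html(html, nasty=NASTY_TAGS, allowed=ALLOWED_TAGS, attrs=ALLOWED_ATTRS):
    parser = SafeHtml(nasty, allowed, attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed input: the tweet embed from the issue, trimmed to its essentials.
EMBED = ('<blockquote class="twitter-tweet" data-lang="pt"><p lang="en" dir="ltr">Tweet '
         '<a href="https://t.co/AheHiR1hYj">https://t.co/AheHiR1hYj</a></p>&mdash; Glenn Greenwald'
         '</blockquote><script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>')
```

Calling `safe_html(EMBED)` with the defaults returns the blockquote without the script element; passing `nasty=NASTY_TAGS - {"script"}` together with `allowed=ALLOWED_TAGS | {"script"}` and `attrs=ALLOWED_ATTRS | {"async"}` returns it with the script tag intact, which is the behaviour the control panel change in the report was expected to produce.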

tisto commented 7 years ago

@hvelarde are you still interested in a solution for that? Unfortunately we do not have any budget in our current project to solve this issue properly. Though, I could chip in some money/dev time if others are willing to do the same...

hvelarde commented 7 years ago

We can allocate human resources if someone can provide guidance to fix this.

CC @agnogueira

abosio commented 6 years ago

I just noticed it would work for me with new Custom Tags if I disabled filtering, saved, then reenabled and saved on Plone 5.0.7.