wiris / html-integrations

The official JavaScript library for MathType, the leading formula editor and equation writer for the web by Wiris
https://wiris.com/solutions/integrations/html-editors/
MIT License

[Ckeditor 5]Util.htmlSanitize removing MathML attributes "open" and "close" from <mfenced> tag #840

Closed marcelinombb closed 10 months ago

marcelinombb commented 1 year ago

Hello, I am having a problem when retrieving the saved data from the server to the editor, and noticed that any formula involving [, | or { is being removed. Investigating, I found the possible culprit: the function Util.htmlSanitize that treats the MathML is removing any attribute from the tags and accepting only those below.

https://github.com/wiris/html-integrations/blob/305f1f2594fa819fd533df98e48422a8166633ba/packages/devkit/src/util.js#L407

example:

The string below renders the following [3]: <math xmlns="http://www.w3.org/1998/Math/MathML"><mfenced open="[" close="]"><mn>3</mn></mfenced></math>

But in the editor the attributes from <mfenced> and <math> are being removed, and it renders (3): <math><mfenced><mn>3</mn></mfenced></math>

After adding the attributes open and close to the ALLOWED_ATTR list, the issue was solved:

html = DOMPurify.sanitize(html, { ADD_TAGS: ['semantics', 'annotation'], ALLOWED_ATTR: ['mathvariant', 'class', 'linebreak', 'open', 'close']});

I don't know if other tags use other attributes to render formulas, so I'm writing so you are aware of the problem. It is also removing attributes from mstyle: https://docs.wiris.com/mathtype/en/mathtype-integrations/mathtype-web-interface-features/mathml-coverage-by-mathtype.html#-mstyle-
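The effect reported above can be reproduced offline with a simplified model of attribute allow-list filtering. This is an added example, not part of the original post and not code from DOMPurify or the html-integrations project; `filterAttributes`, `lostRenderCritical` and `RENDER_CRITICAL` are hypothetical names, and the regex tokenizer only handles well-formed, double-quoted attributes like those in the sample.

```javascript
// Simplified model of "drop every attribute that is not on the allow-list".
// NOT DOMPurify: it exists only to audit what a given list would strip.
const TAG_RE = /<([A-Za-z][\w:-]*)((?:\s+[\w:-]+\s*=\s*"[^"]*")*)\s*(\/?)>/g;
const ATTR_RE = /([\w:-]+)\s*=\s*"([^"]*)"/g;

// Returns the filtered markup and every dropped attribute as "tag@attr".
function filterAttributes(markup, allowedAttrs) {
  const allowed = new Set(allowedAttrs);
  const dropped = [];
  const output = markup.replace(TAG_RE, (_, tag, attrs, selfClose) => {
    let kept = '';
    for (const [, name, value] of attrs.matchAll(ATTR_RE)) {
      if (allowed.has(name)) kept += ` ${name}="${value}"`;
      else dropped.push(`${tag}@${name}`);
    }
    return `<${tag}${kept}${selfClose}>`;
  });
  return { output, dropped };
}

// Allow-lists from the issue: the list without 'open'/'close', and the
// list with both added.
const NARROW = ['mathvariant', 'class', 'linebreak'];
const WIDENED = [...NARROW, 'open', 'close'];

// The formula quoted in the issue.
const SAMPLE = '<math xmlns="http://www.w3.org/1998/Math/MathML">' +
  '<mfenced open="[" close="]"><mn>3</mn></mfenced></math>';

// Attributes whose loss changes how the formula renders (assumed set,
// limited to the ones the issue names).
const RENDER_CRITICAL = new Set(['mfenced@open', 'mfenced@close']);

// Regression check: which render-critical attributes would a list strip?
function lostRenderCritical(markup, allowedAttrs) {
  return filterAttributes(markup, allowedAttrs).dropped
    .filter((d) => RENDER_CRITICAL.has(d));
}

console.log(filterAttributes(SAMPLE, NARROW).output);
console.log('narrow list loses:', lostRenderCritical(SAMPLE, NARROW));
console.log('widened list loses:', lostRenderCritical(SAMPLE, WIDENED));
```

In DOMPurify itself, `ALLOWED_ATTR` replaces the default attribute allow-list while `ADD_ATTR` extends it, so a check like this is useful whenever the list is overridden rather than extended.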

icaparros-at-wiris commented 10 months ago

Hi @marcelinombb,

Thank you for your feedback. This bug is fixed in the latest version, 8.7.2.