Please add 'name' tag to HTML.Allowed

mike_a 2010-08-31 14:26:20 UTC #1

Please add the name tag to HTML.Allowed so users can create bookmarks within their documents. Or better yet, incorporate the update that I posted to the tracker.

Leithoff_Klaus 2010-08-31 15:23:00 UTC #2

as far as I can see it, it seems to be allowed for trunk in html::purify
line 1383

kl@stylite.de
Stylite GmbH
[ open style of IT ]
Morschheimer Strasse 15
67292 Kirchheimbolanden

fon 06352 . 70629-0
fax 06352 . 70629-30
www.stylite.de

Geschäftsführer: Andre Keller, Gudrun Müller, Ralf Becker
Handelsregister Kaiserslautern HRB 30575
USt-ID: DE214280951

mike_a 2010-08-31 16:30:13 UTC #3

After a bit of digging I realize now that the ‘name’ attribute for the ‘a’ tag is allowed however it is still getting stripped and I’m at a loss.

Leithoff_Klaus 2010-09-01 08:50:47 UTC #4

I will test, and try to find a way, as anchors should be allowed.
I guess, that is of some security measures implemented with the purifier we
use.

kl@stylite.de
Stylite GmbH
[ open style of IT ]
Morschheimer Strasse 15
67292 Kirchheimbolanden

fon 06352 . 70629-0
fax 06352 . 70629-30
www.stylite.de

Geschäftsführer: Andre Keller, Gudrun Müller, Ralf Becker
Handelsregister Kaiserslautern HRB 30575
USt-ID: DE214280951

mike_a 2010-09-01 20:00:27 UTC #5

According to the HTML Purifier documentation Attr.EnableID must be set to true to fix the behavior. I checked class.html.inc.php and found that that the value IS set to true: $config->set('Attr.EnableID',true). I'm not sure why it isn't working but I guess that HTML Purifier removes the attribute to prevent XSS as in script name='foo'.

The workaround is to enable and use the 'id' element of the 'a' tag.

mike_a 2011-06-06 15:31:35 UTC #6

Please add the ‘class’ tag to HTML.Allowed so users can create bookmarks within their documents. Or better yet, incorporate the update that I posted to the tracker some time ago…

Leithoff_Klaus 2011-06-07 13:14:30 UTC #7

The name tag is allowed fot trunk epl and 1.8
The class tag is allowed for some elements, but not for a

Please add the ‘class’ tag to HTML.Allowed so users can create bookmarks
within their documents. Or better yet, incorporate the update that I posted
to the tracker some time ago…

–
View this message in context: http://egroupware.219119.n3.nabble.com/Please-add-name-tag-to-HTML-Allowed-tp1394521p3030467.html
Sent from the egroupware-developers mailing list archive at Nabble.com.

Simplify data backup and recovery for your virtual environment with vRanger.
Installation’s a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Discover what all the cheering’s about.
Get your free trial download today.
http://p.sf.net/sfu/quest-dev2dev2

eGroupWare-developers mailing list
eGroupWare-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-developers

EditLive Enterprise is the world’s most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev

eGroupWare-developers mailing list
eGroupWare-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-developers