Visual HTML5 Layout: Pre-emptively strip <script> tags from input sources.

Created on 24 January 2023, over 2 years ago

Updated 25 January 2023, over 2 years ago

The output sanitizer removes <script> tags from output, but leaves the inner markup in place. This causes display problems.

Put on the hat of an irresponsible site builder and allow arbitrary javascript to be added to a wysiwyg (naught naughty).

Observe that the script is effectively defused, but the display is broken.

Strip the <script> tag and all text content therein before doing a diff compare.

None

None

None

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇺🇸United States luke.leber Pennsylvania

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @luke.leber
@lukeleber opened merge request.
Comment over 2 years ago →
System Message

Luke.Leber → committed 93f324db on 1.0.x
Issue #3336223 by Luke.Leber: Visual HTML5 Layout: Pre-emptively strip...
Status changed to Fixed over 2 years ago1:38am 25 January 2023
Comment over 2 years ago →
🇺🇸United States luke.leber Pennsylvania
Comment about 2 years ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024