[BUGFIX] Apply `removeTags` in RTE YAML default processing
The RTE YAML configuration `Processing.yaml` defined `removeTags` as an array, while the HTMLParser only evaluated strings as input. Due to this, `removeTags` in the TYPO3 default YAML config were never applied, and thus tags were NOT removed before getting persisted into the database. They were however escaped in the frontend output, apart from the tags: - `center` - `font` - `img` - `strike` - `u` Only Page TSconfig processing configuration was properly applied before. With this bugfix, the following things change: - A functional test is introduced to verify the behavior. - The 'security' related test has been adapted, because now title tags are already stripped. Test has also been enhanced to address the `removeTags` influence. - The tags `u` and `strike` are no longer removed, because they were set as allowTags earlier on, and that should take precedence. - The tags `center` and `font` remain to be allowed now, to not introduce a breaking change. - A note has been added that in TYPO3 v14 the original intent to remove `center`, `font` and probably `strike` are to be added to `removeTags` and thus removed in the future from database persistence. - The YAML directive is now configured to both parse a string list or an array. This will allow existing YAML configurations to properly take effect without manual fixing. Resolves: #104839 Related: #104937 Releases: main, 12.4 Change-Id: I6cf6aafb24d5cb466e35d2a7696c7273831d4f58 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/86047 Tested-by:Garvin Hicking <gh@faktor-e.de> Tested-by:
core-ci <typo3@b13.com> Reviewed-by:
Simon Praetorius <simon@praetorius.me> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Guido Schmechel <guido.schmechel@brandung.de> Reviewed-by:
Benni Mack <benni@typo3.org> Tested-by:
parent
ed37a8e9
Please register or sign in to comment