Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
13.10.9, 14.4.5, 14.9-rc-1
-
None
-
Unknown
-
Description
Currently, client side html sanitation based on DOMPurify does not take into account xml.htmlElementSanitizer properties. This could lead to content being escaped differently client side and server side.
Note: as of now, only the Live Data macro, under some condition, perform html sanitation.