PrimeFaces 7.0< p:textEditor HTML-sanitizer丢弃文本格式，例如居中 [英] PrimeFaces 7.0 <p:textEditor HTML-sanitizer discards text formatting, such as centering

问题描述

在PrimeFaces 8中，使用<p:textEditor组件时，似乎可以通过仅指定secure='false'禁用它和secure='true'启用它来启用/禁用HMTML -sanitizer.我试图像这样在PrimeFaces 7.0中禁用它:

In PrimeFaces 8, it seems to be possible to enable / disable HMTML -sanitizer when using the <p:textEditor component by just specifying secure='false' for disabling it and secure='true' for enabling it. I tried to disable it in PrimeFaces 7.0 like this:

  <p:textEditor id="quillToolbarId" secure='false' widgetVar="editor2" height="300" value="#{editTemplatesBean.kaufAnbotTemplate}" placeholder="Enter your content">

但消毒剂似乎仍在工作.

but the sanitizer still seems to be working.

我的问题是，每当我在primeFaces p:textEditor中格式化文本以使其居中对齐时，HTML清理程序都会删除我的格式设置，因此文本最终将不进行格式化.

My problem is that whenever I format a text in the primeFaces p:textEditor to be center-aligned, the HTML sanitizer just removes my formatting, so the text ends up without formatting.

解决此问题的一种方法是直接使用Quill而不是对输入内容进行清理.这种方法有效，但是随后我遇到了其他问题，例如:

One way to work this around is to use directly Quill and not Sanitize the input.This works, but then I face other problems, such as this one:

https://github.com/quilljs/quill/issues/1379

这也需要解决.

请帮助！

推荐答案

TextEditor中没有用于PrimeFaces 7的安全属性.如果您查看TextEditorRenderer.decode的代码，您会发现该sanitzier被称为

There is no secure property in TextEditor for PrimeFaces 7. If you look at the code of TextEditorRenderer.decode you will see that the sanitzier is called

if (PrimeApplicationContext.getCurrentInstance(context).getEnvironment().isHtmlSanitizerAvailable()) {
    value = HtmlSanitizer.sanitizeHtml(value,
          editor.isAllowBlocks(), editor.isAllowFormatting(),
          editor.isAllowLinks(), editor.isAllowStyles(), editor.isAllowImages());
}

如果您查看PrimeEnvironment，则会发现如果类org.owasp.html.PolicyFactory在类路径中可用，则将设置该属性:

And if you look into PrimeEnvironment you'll see that the property will be set if the class org.owasp.html.PolicyFactory is available on classpath:

htmlSanitizerAvailable = LangUtils.tryToLoadClassForName("org.owasp.html.PolicyFactory") != null

所以你要么:

• 更新为PF 8
• 确保您在类路径上没有该类
• 覆盖渲染器并更改/删除检查代码

这篇关于PrimeFaces 7.0< p:textEditor HTML-sanitizer丢弃文本格式，例如居中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！