PrimeFaces 7.0< p:textEditor HTML-sanitizer丢弃文本格式,例如居中 [英] PrimeFaces 7.0 <p:textEditor HTML-sanitizer discards text formatting, such as centering
问题描述
在PrimeFaces 8中,使用<p:textEditor
组件时,似乎可以通过仅指定secure='false'
禁用它和secure='true'
启用它来启用/禁用HMTML -sanitizer.我试图像这样在PrimeFaces 7.0中禁用它:
In PrimeFaces 8, it seems to be possible to enable / disable HMTML -sanitizer when using the <p:textEditor
component by just specifying secure='false'
for disabling it and secure='true'
for enabling it. I tried to disable it in PrimeFaces 7.0 like this:
<p:textEditor id="quillToolbarId" secure='false' widgetVar="editor2" height="300" value="#{editTemplatesBean.kaufAnbotTemplate}" placeholder="Enter your content">
但消毒剂似乎仍在工作.
but the sanitizer still seems to be working.
我的问题是,每当我在primeFaces p:textEditor中格式化文本以使其居中对齐时,HTML清理程序都会删除我的格式设置,因此文本最终将不进行格式化.
My problem is that whenever I format a text in the primeFaces p:textEditor to be center-aligned, the HTML sanitizer just removes my formatting, so the text ends up without formatting.
解决此问题的一种方法是直接使用Quill而不是对输入内容进行清理.这种方法有效,但是随后我遇到了其他问题,例如:
One way to work this around is to use directly Quill and not Sanitize the input.This works, but then I face other problems, such as this one:
https://github.com/quilljs/quill/issues/1379
这也需要解决.
请帮助!
推荐答案
TextEditor中没有用于PrimeFaces 7的安全属性.如果您查看TextEditorRenderer.decode的代码,您会发现该sanitzier被称为
There is no secure property in TextEditor for PrimeFaces 7. If you look at the code of TextEditorRenderer.decode you will see that the sanitzier is called
if (PrimeApplicationContext.getCurrentInstance(context).getEnvironment().isHtmlSanitizerAvailable()) {
value = HtmlSanitizer.sanitizeHtml(value,
editor.isAllowBlocks(), editor.isAllowFormatting(),
editor.isAllowLinks(), editor.isAllowStyles(), editor.isAllowImages());
}
如果您查看PrimeEnvironment,则会发现如果类org.owasp.html.PolicyFactory
在类路径中可用,则将设置该属性:
And if you look into PrimeEnvironment you'll see that the property will be set if the class org.owasp.html.PolicyFactory
is available on classpath:
htmlSanitizerAvailable = LangUtils.tryToLoadClassForName("org.owasp.html.PolicyFactory") != null
所以你要么:
- 更新为PF 8
- 确保您在类路径上没有该类
- 覆盖渲染器并更改/删除检查代码
这篇关于PrimeFaces 7.0< p:textEditor HTML-sanitizer丢弃文本格式,例如居中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!