Editor issue : href="mailto:" getting sanitized #7034
If I use in widget Footer
Replies: 5 comments
Maybe because it is sanitized, in the admin look at the content definition related to this widget, then, if it has e.g. an html field, go to its settings and uncheck the
I thought that too, but I don't think there's a security issue with mail to unless there's a script injected
mailto is sanitized by default. See here to adjust the sanitizer: https://docs.orchardcore.net/en/dev/docs/reference/core/Sanitizer/#configuring-the-sanitizer (oh and the example includes mailto). Or, as @jtkech says, disable sanitization. It's not something we'll include by default I suspect - the point of using an external sanitizer is that we do not need to make decisions about what is safe and isn't safe.
Thank you very much! You've been very helpful
@jtkech would turning this into a radio button so the user is forced into selecting one or the other. You can then warn them if they say no. I know what to put in to avoid security vulnerabilities, but never saw the option for sanitize when setting up the template.
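The sanitizer adjustment that the linked documentation describes, as an added example that is not part of the original thread. It assumes Orchard Core's `ConfigureHtmlSanitizer` extension and the `AllowedSchemes` collection of the underlying HtmlSanitizer library, and adds only the `mailto` scheme so that sanitization can stay enabled on the field.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services
            .AddOrchardCms()
            // Register the change at tenant level so it applies to the
            // sanitizer instance each tenant uses.
            .ConfigureServices(tenantServices =>
                tenantServices.ConfigureHtmlSanitizer(sanitizer =>
                {
                    // Extend the URL scheme allow-list by exactly one entry:
                    // href="mailto:..." is no longer stripped.
                    sanitizer.AllowedSchemes.Add("mailto");

                    // Nothing else is loosened. Schemes that are not on the
                    // allow-list (javascript:, data:, ...) are still removed
                    // from URL attributes, and script tags and event-handler
                    // attributes are still filtered as before.
                }));
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseOrchardCore();
    }
}
```

Compared with unchecking the sanitize option on the field, this keeps the allow-list in force for everything except the one scheme that was added.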