Comments (2)
spocke
commented on May 29, 2024
This seems to be by design. We use DOMPurify to sanitise the HTML it has a rule that id and name can't reference things that exists in the document so title in this case exists on the document. So name your ID something else than that should work.
https://github.com/cure53/DOMPurify/blob/main/src/purify.js#L1132
Closing this since it's by design and not a bug.
from tinymce.
TheSpyder
commented on May 29, 2024
Specifically this is a DOM Clobbering attack. DOMPurify has an explanation in their security goals documentation:
https://github.com/cure53/DOMPurify/wiki/Security-Goals-&-Threat-Model
from tinymce.
Related Issues (20)
- placeholder doesn't show on h1 element when using inline editor
- Link/Unlink partial unlinking not working anymore HOT 1
- Add the domain youtube-nocookie.com to the sandbox_iframes_exclusions default value
- Copy-pasted parsed URLs are (incorrectly) URL encoding ampersands HOT 1
- isDirty isn't set when first action removes something from list.
- Dynamically initial selectbox values HOT 1
- Spacebar doesn't always work in Mozilla firefox
- The resize handle icon of status bar is displayed on the left end HOT 1
- Accordions wide gap HOT 3
- Help plugin failed to load HOT 3
- I don't want to display the unit after the font-size, is there any way to do that? HOT 1
- 👍 Padding on Tables Elements doesn't work in some cases. HOT 2
- TinyMCE Version 6 Hyperlink Issue - default_link_target not working HOT 5
- Error: Can't resolve 'node_modules/tinymce/plugins/template/plugin.js' after V7 update HOT 1
- Repeated header/letterhead and footer HOT 1
- multiple files import when we create multiple instances HOT 1
- Implement a fix or flag that lets TinyMCE not alter perfectly legitimate imported code HOT 5
- Initialize right to left attribute issues HOT 1
- React Tinymce Toolbar Sticky not working properly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tinymce.