Description
Preconditions and environment
oS 2.4.3-p1
Steps to reproduce
Using old style editor (not blocks editor), insert an image from the media library into the content. Wrap that image in an "a" tag. Save the content (product description, CMS page, block it doesn't matter). Something like this:
<p><a href="/uk/digital-print-design/"><strong><img style="float: left; padding: 0 20px 45px 20px;" title="useful information for digital printing" src="{{media url="wysiwyg/ALP/ICONS/design.png"}}" alt="Useful design information for our calendars" width="60" height="60" /></strong></a></p>
Expected result
Conent is saved without error
Actual result
Following warning displayed:
Temporarily allowed to save HTML value that contains restricted elements. Allowed HTML attributes for tag "a" are: class,width,height,style,alt,title,border,id,data-active-tab,data-appearance,data-autoplay,data-autoplay-speed,data-background-images,data-background-type,data-carousel-mode,data-center-padding,data-content-type,data-element,data-enable-parallax,data-fade,data-grid-size,data-infinite-loop,data-link-type,data-locations,data-overlay-color,data-parallax-speed,data-pb-style,data-same-width,data-show-arrows,data-show-button,data-show-controls,data-show-dots,data-show-overlay,data-slide-name,data-slick-index,data-role,data-product-id,data-price-box,aria-hidden,data-tab-name,data-video-fallback-src,data-video-lazy-load,data-video-loop,data-video-overlay-color,data-video-play-only-visible,data-video-src,href,role,target,tabindex,rel
Additional information
There's nothing wrong with the HTML - the error is in the validator. Appears it cannot properly validate content that contains {{media}} references. Debuggin the validator I added a little extra so the nodes the query finds can be seen:
Inspecting $elem shows this:
Somehow the wysiwyg part of the media is being detected as an invalid attibute of the a-tag, which it clearly is not. Nothing at all wrong with the a-tag itself.
This need fixing before you ever think about imposing restictions on what can be included in content. At least get the checks right first!
And while you're about about, telling us what was found as invalid is far more useful than a long list of what's allowed with nothing on what caused it.
Release note
Fix content validation so it actually works.
Triage and priority
- Severity: S0 - Affects critical data or functionality and leaves users without workaround.
- Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
- Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
- Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
- Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.