TINY-7025: Fixed an issue where URLs were not correctly filtered in s…

…ome cases
tinymce · Mar 1, 2021 · 09bfb1d · 09bfb1d
1 parent d5160f5
commit 09bfb1d
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 7 deletions.
diff --git a/modules/tinymce/changelog.txt b/modules/tinymce/changelog.txt
@@ -1,3 +1,5 @@
+Version 5.7.1 (TBD)
+    Fixed an issue where URLs were not correctly filtered in some cases #TINY-7025
 Version 5.7.0 (2021-02-10)
     Added IPv6 address support to the URI API. Patch contributed by dev7355608 #GH-4409
     Added new `structure` and `style` properties to the `TableModified` event to indicate what kinds of modifications were made #TINY-6643

diff --git a/modules/tinymce/package.json b/modules/tinymce/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tinymce",
-  "version": "5.7.0",
+  "version": "5.7.1",
   "private": true,
   "repository": {
     "type": "git",

diff --git a/modules/tinymce/src/core/main/ts/api/html/SaxParser.ts b/modules/tinymce/src/core/main/ts/api/html/SaxParser.ts
@@ -222,7 +222,7 @@ const SaxParser = (settings?: SaxParserSettings, schema = Schema()): SaxParser =
     let attributesRequired, attributesDefault, attributesForced;
     let anyAttributesRequired, attrValue, idCount = 0;
     const decode = Entities.decode;
-    const filteredUrlAttrs = Tools.makeMap('src,href,data,background,formaction,poster,xlink:href');
+    const filteredUrlAttrs = Tools.makeMap('src,href,data,background,action,formaction,poster,xlink:href');
     const scriptUriRegExp = /((java|vb)script|mhtml):/i;
     const parsingMode = format === 'html' ? ParsingMode.Html : ParsingMode.Xml;
 

diff --git a/modules/tinymce/src/core/test/ts/browser/html/SaxParserTest.ts b/modules/tinymce/src/core/test/ts/browser/html/SaxParserTest.ts
@@ -808,9 +808,10 @@ describe('browser.tinymce.core.html.SaxParserTest', () => {
       '<a href=" dAt%61: tExt/html  ; bAse64 , PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">9</a>' +
       '<object data="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">10</object>' +
       '<button formaction="javascript:alert(11)">11</button>' +
-      '<table background="javascript:alert(12)"><tr><tr>12</tr></tr></table>' +
-      '<a href="mhtml:13">13</a>' +
-      '<a xlink:href="jAvaScript:alert(1)">14</a>' +
+      '<form action="javascript:alert(12)">12</form>' +
+      '<table background="javascript:alert(13)"><tr><tr>13</tr></tr></table>' +
+      '<a href="mhtml:14">14</a>' +
+      '<a xlink:href="jAvaScript:alert(15)">15</a>' +
       '<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7">' +
       '<a href="%E3%82%AA%E3%83%BC%E3%83">Invalid url</a>'
     );
@@ -828,9 +829,10 @@ describe('browser.tinymce.core.html.SaxParserTest', () => {
       '<a>9</a>' +
       '<object>10</object>' +
       '<button>11</button>' +
-      '<table><tr></tr><tr>12</tr></table>' +
-      '<a>13</a>' +
+      '<form>12</form>' +
+      '<table><tr></tr><tr>13</tr></table>' +
       '<a>14</a>' +
+      '<a>15</a>' +
       '<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" />' +
       '<a href="%E3%82%AA%E3%83%BC%E3%83">Invalid url</a>'
     );