New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consistent use of single quote entity #9211
base: main
Are you sure you want to change the base?
Conversation
The |
The scenario is that I am triggering save on all the TinyMCe's on the page and I need this replacement to happen at that time before I post it to the server. Is GetContent going to work when save is triggered? If the single quote doesn't get converted to apos, the .net framework thinks it's being attacked. |
Yes. The event is dispatched every time tinymce/modules/tinymce/src/core/main/ts/content/PrePostProcess.ts Lines 50 to 51 in bcdea2a
|
The reason why don't use apos here is that it's not a valid HTML 4 entity. So at the time of writing that code there where browsers that didn't support the apos entity for example IE. However I failed to find out what exact IE versions doesn't support it. Here is the entities in the HTML4 spec notice that apos is not there: However it is in this HTML5 reference: Since this is such a central thing and the HTML that the editor generates could in theory be still be displayed on old IE based HTML renderers I'm not confident that we can just change this without having some form of option to configure it back to the old IE legacy mode. |
I figured it was an IE thing. I will try a flag. |
Curious what dotnet sanitization framework requires apos over numeric entities? Want to see if I can reproduce the issue and estimate how common this problem is. |
In my scenario it is ASP.NET MVC. If you google search something like tinymce single quote .net you can find posts of the issue. To reproduce just set tinymce option encoding: 'xml' then try to post it to the server. |
Using ' is problematic with certain frameworks. We used to get around this using the following code in v4
However this doesn't work in v6 anymore.