Description
If any HTML field includes <html> tag, saving the form automatically removes the <html> tag from the field.
If that HTML field is audited, the activity stream shows a change in the field even though there is no visual change.
A value with the <html> tag can be entered into HTML field via any background process.
Steps to Reproduce
1. Create an HTML field(i.e. u_htmlfield) on incident table(or on any table) and add the new field to Activity Stream
2. Go to 'Scripts - Background' and run the following script
var gr = new GlideRecord('incident');
gr.get('<sys_id>');
gr.u_htmlfield = '<html>\r\nteststring\r\n<\/html>';
gr.update();
3. Go to the updated record to see 'teststring' in the HTML field and the update in Activity Stream
4. Save the record without modification
Actual behavior:
'teststring' still be seen in HTML field, and there is another update in the Activity Stream. i.e.
htmlfield
teststring
was
teststring
Expected behavior:
No update in activity stream
Workaround
The standard behavior of our HTML editor removes <html> tags from HTML content. This is not currently configurable in the HTML sanitization configuration.
Business rules and background scripts should not write <html> tags into HTML fields, or any other field that is excluded in the HTML sanitizer, otherwise, those values will be stripped out next time the form is saved. Preferably, create snippets of HTML in HTML fields rather than trying to create entire HTML documents.
Related Problem: PRB1352581