Notifications

81 views

Description

After Orlando upgrade, TinyMCE is stripping the 'style' attribute irrespective of the HTML Sanitizer.

Steps to Reproduce

1. Go to an orlando instance
2. Go to kb_knowledge.list. Open any kb
3. In the article bode field open the source code and add the following:
<p><iframe src="https://www.google.com" width="400" height="400" style="border: none;"></iframe></p>
Save.
4. Without saving the entire kb, reopen the source code and confirm that the style tag is stripped

Now, test Madrid
1. Go to demonightlymadrid
2. Go to kb_knowledge.list. Open any kb
3. In the article bode field open the source code and add the following:
<p><iframe src="https://www.google.com" width="400" height="400" style="border: none;"></iframe></p>
Save.
4. Without saving the entire kb, reopen the source code and confirm that the style tag is still present

This is probably happening due to various tinymce versions and not directly servicenow related.

Workaround

This issue is under review. To receive notifications when more information is available, subscribe to this Known Error article by clicking the Subscribe button at the top right of the article. If you are able to upgrade, review the Fixed In or Intended Fix Version fields to determine whether any versions have a planned or permanent fix.



Related Problem: PRB1400559

Seen In

SR - IRM - Audit Management - New York 2019 Q3
SR - IRM - Audit Management PA Content - Madrid 2019 Q1
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - GRC Workbench - New York 2019 Q3
SR - IRM - PA Premium Integration - New York 2019 Q3
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Policy and Compliance PA Content - Madrid 2019 Q1
SR - IRM - Risk Management - New York 2019 Q3
SR - IRM - Risk Management PA Content - Madrid 2019 Q1
SR - IRM - SIG Assessment Legacy - Madrid 2019 Q1
SR - IRM - Vendor Risk Management - Madrid 2019 Q1
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Security Incident Response PA Content - New York 2019 Q3
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3

Fixed In

Orlando Patch 7
Paris

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-07-10 16:10:46
Published:2020-06-03