Commit 7c2ff78

Update modules/ROOT/pages/8.5.0-release-notes.adoc
Co-authored-by: Mitchell Crompton <mitchell.crompton@tiny.cloud>
1 parent a01be60 commit 7c2ff78

1 file changed

Lines changed: 3 additions & 3 deletions

modules/ROOT/pages/8.5.0-release-notes.adoc

@@ -110,12 +110,12 @@ For information on using Enhanced Skins & Icon Packs, see: xref:enhanced-skins-a
110110

111111
// CCFR here.
112112

113-
=== Script elements would incorrectly be removed by DOMPurify when considered valid in the schema
113+
=== Script and style elements would incorrectly be removed by DOMPurify when considered valid in the schema
114114
// #TINY-9655
115115

116-
Previously, `script` elements that were explicitly allowed through xref:content-filtering.adoc#valid_elements[`+valid_elements+`] or xref:content-filtering.adoc#extended_valid_elements[`+extended_valid_elements+`] were removed during the sanitization process when xref:content-filtering.adoc#xss_sanitization[`+xss_sanitization+`] was enabled. DOMPurify flagged these elements as potential mXSS vectors and removed them entirely, even when the schema configuration indicated they were valid.
116+
Previously, `script` and `style` elements that were explicitly allowed through xref:content-filtering.adoc#valid_elements[`+valid_elements+`] or xref:content-filtering.adoc#extended_valid_elements[`+extended_valid_elements+`] were removed during the sanitization process when xref:content-filtering.adoc#xss_sanitization[`+xss_sanitization+`] was enabled. DOMPurify flagged these elements as potential mXSS vectors and removed them entirely, even when the schema configuration indicated they were valid.
117117

118-
In {productname} {release-version}, `script` elements that are considered valid in the schema are retained during sanitization. The sanitization process still removes unsafe attributes and content, but no longer removes the entire element when the schema explicitly allows it.
118+
In {productname} {release-version}, `script` and `style` elements that are considered valid in the schema are retained during sanitization. The sanitization process still removes unsafe attributes and content, but no longer removes the entire element when the schema explicitly allows it.
119119

120120
=== Iframe elements with children would incorrectly be removed by DOMPurify
121121
// #TINY-9655
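
Review bot: The rewritten sentence at line 118 ("The sanitization process still removes unsafe attributes and content") does not say what counts as unsafe content inside a retained `script` or `style` element, and with `style` now added the ambiguity covers two element types. Suggest stating explicitly whether the element body is kept unchanged when the schema allows the element, so integrators who list these elements in `valid_elements` or `extended_valid_elements` know what `xss_sanitization` still filters. Separately, the unchanged context shows this section and the following "Iframe elements with children" section both tagged `// #TINY-9655`; worth confirming that the shared ticket reference is intended.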
