Fix 8166 html tag validation (#8176)

* wip proposal still contains commented old code - tests are missing * rename isTagNameSafe to makeTagNameSafe * remove comments * remove redundant space * add htmlCustomPrimitives to the $tw.config object * remove tag-sanitation from element.js * WIP - add html-element sanitation to the new makeTagNameSafe function, so it can be used globally * simplify sanitation logic and fix inline docs * Move top comment into inline comments
2026-05-05 20:08:49 +00:00 · 2025-10-29 18:42:28 +01:00
parent cda8d7ca8c
commit 9a5f4cc0ef
12 changed files with 67 additions and 47 deletions
--- a/core/modules/widgets/button.js
+++ b/core/modules/widgets/button.js
@@ -35,9 +35,7 @@ ButtonWidget.prototype.render = function(parent,nextSibling) {
 	this.computeAttributes();
 	this.execute();
 	// Create element
-	if(this.buttonTag && $tw.config.htmlUnsafeElements.indexOf(this.buttonTag) === -1) {
-		tag = this.buttonTag;
-	}
+	tag = $tw.utils.makeTagNameSafe(this.buttonTag,tag)
 	domNode = this.document.createElement(tag);
 	this.domNode = domNode;
 	// Assign classes