HTML is lost when using TinyMCE HTML Editor in Vibe 4.0.2

  • 7018205
  • 28-Oct-2016
  • 31-Jan-2017

Environment

Micro Focus Vibe 4.0.2

Situation

When editing a folder entry or an HTML element on a Landing Page using the (TinyMCE) HTML Editor provided in Vibe 4.0.2, some HTML elements and attributes are automatically removed, so the entry or landing page no longer has the desired HTML formatting. In some cases, previously uploaded (inline) images are also removed from the HTML.

Here are some common examples demonstrating the problem:
  1. In an entry, a user defined an HTML table with table cells having a "width" and "valign" attribute. Upon submission, the "width" and "valign" attributes are automatically removed from the table cells.

    Before: <td height="100" valign="top">Hello World</td>
    After: <td>Hello World</td>

  2. In a Landing Page, a user added an HTML element and then added an inline image so that it is displayed on the Landing Page. Upon submission, the image's source (URL) is automatically removed.

    Before: <img class=" ss_addimage " style="width: 200px; height: 155px;" src="https://myvibehost.com/ssf/a/...../companyLogo.png" alt="Logo-A" />
    After: <img class=" ss_addimage " style="width: 200px; height: 155px;" alt="Logo-A" />

  3. In a wiki page where users have shared code snippets, anything entered between < > is removed. For example, <test_sec1>This is a test</test_sec1>.


Resolution

An updated fix for this issue is available in Vibe 4.0.2 Patch 2, available via the Novell Patch Finder.

Cause

The problem occurs because Vibe 4.0.2 uses the OWASP HTML Sanitizer, which by default considers several HTML elements and attributes "unsafe" and removes them. With the fix introduced in Vibe 4.0.2 HP1, the default list of "safe" elements and attributes has been extended. The fix also introduces functionality to further extend the safe list on a site-specific basis. For more information, please consult Vibe 4.0.2 OWASP HTML Sanitizer Rules.
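
The following added example (not Vibe or OWASP HTML Sanitizer code) is a simplified Python model of allowlist sanitization that reproduces the three symptoms above and shows what changes when the safe list is extended. The two policies, the host name vibe.example and all function names are constructed for illustration; unlike a real sanitizer, the model passes "style" values through unfiltered.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed policies for illustration (not Vibe's shipped rules):
# element name -> set of attributes allowed on it.
DEFAULT_POLICY = {"td": set(), "img": {"class", "style", "alt"}}
EXTENDED_POLICY = {"td": {"height", "valign"},
                   "img": {"class", "style", "alt", "src"}}
VOID = {"img"}          # elements written without a closing tag
URL_ATTRS = {"src"}     # attributes whose value must be a vetted URL

def safe_url(value):
    """Accept only absolute http(s) URLs; rejects javascript:, data:, etc."""
    try:
        return urlsplit(value or "").scheme in ("http", "https")
    except ValueError:
        return False

class AllowlistSanitizer(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy, self.out = policy, []

    def handle_starttag(self, tag, attrs):
        if tag not in self.policy:
            return                      # unknown element: tag dropped, text kept
        kept = ""
        for name, value in attrs:
            if name not in self.policy[tag]:
                continue                # attribute not on the safe list
            if name in URL_ATTRS and not safe_url(value):
                continue                # allowed attribute, unsafe URL scheme
            kept += f' {name}="{escape(value or "", quote=True)}"'
        self.out.append(f"<{tag}{kept}{' /' if tag in VOID else ''}>")

    def handle_endtag(self, tag):
        if tag in self.policy and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))   # text is always re-escaped

def sanitize(html, policy):
    parser = AllowlistSanitizer(policy)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

When extending the safe list to cover URL-bearing attributes such as "src", keep a scheme restriction like the one in safe_url, otherwise the extension reopens the script-injection path the sanitizer was added to close.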