8.2.1 "Html was modified by sanitizer"

Classic Servoy
1

So… ummmm… I’m testing our legacy (7.4.10) Web Client applications in 8.2.1 - and I keep getting this:

WARN com.servoy.j2db.util.Debug - Html was modified by sanitizer: 
Original html: '<html><head></head><body><a href="javascript:adminPopMenu()">Admin <span class='caret'></span></a> | <a href="javascript: nav_reports()">Reports</a> | <a href="javascript: nav_myInfo()">My Info</a> | <a href="javascript: nav_logOut()">Sign Out</a></body></html>',
Sanitized html: '<html>
 <head></head>
 <body>
  <a href="javascript:adminPopMenu()">Admin <span class="caret"></span></a> | 
  <a href="javascript: nav_reports()">Reports</a> | 
  <a href="javascript: nav_myInfo()">My Info</a> | 
  <a href="javascript: nav_logOut()">Sign Out</a>
 </body>
</html>'

OK - so from what I could tell - it just re-wrapped it to make it pretty - no big deal.

HOWEVER, when it’s rendered in Chrome - NONE of the links work! Basically re-writes my HTML to TAKE OUT all of my anchor links where I trigger a method:

[attachment=0]html_rewrite_error.jpg[/attachment]

Is there a setting or something I’m missing?

This is on my DEVELOPMENT machine - using Servoy Developer:

Servoy version 8.2.1 -releaseNumber 3105
Port used by RMI Registry: 1099
Repository version 49

java.vm.name=Java HotSpot™ 64-Bit Server VM
java.version=1.8.0_151
java.vm.info=mixed mode
java.vm.vendor=Oracle Corporation

os.name=Windows 10
os.version=10.0

html_rewrite_error.jpg
html_rewrite_error.jpg1143×528 137 KB

2

This is a security measure that was introduced with I think 8.0. See here: https://wiki.servoy.com/pages/viewpage. … d=23397000

You can turn this off globally in servoy-admin, first setting “servoy.clientTrustDataAsHtml”, although that is not recommended.

3

Hi Bob,

I haven’t tested if this makes any difference but use

javascript:methodName()

instead of ```
javascript: methodName()

Notice the space after javascript:

Hope this helps.

Edit: I guess it's the XSS protection in 8.x
4

Hey Robert: Taking out the space did NOT fix it.

Patrick: OK, I see that I can do it per element - that will work for now (but is sort of a pain-in-the-ass to go through all the places it’s used).

I APPRECIATE both of your quick responses!