[Issue] xssFiltrationPattern boundary script tag restriction

[m2-assistant]

This issue is automatically created based on existing pull request: #39379: xssFiltrationPattern boundary script tag restriction

---

Add script boundary as word

If you have an html like:

<body>
    <p class="product-description">
     hello world product description
    </p>
</body>

The problem is the class: product-description

Manual testing scenarios (*)

1. Create a CMS Page with content:

<p class="product-description">
     hello world product description
    </p>

2. Save and see error:

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
• All automated tests passed successfully (all builds are green)

[m2-assistant]

Hi @engcom-Bravo. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: 👇

• 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).
• 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue.
• 3. Add Area: XXXXX label to the ticket, indicating the functional areas it may be related to.
• 4. Verify that the issue is reproducible on 2.4-develop branch
  Details

  - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!
• 5. Add label Issue: Confirmed once verification is complete.
• 6. Make sure that automatic system confirms that report has been added to the backlog.

[engcom-Bravo]

Hi @osrecio,

Thanks for your reporting and collaboration.

We have verified the issue in Latest 2.4-develop instance and we got below result as follows :

We are able to save the page Temporarily but we are getting same error as you mentioned.Is this error only you are referring to Could you please let us know.

Thanks.

[osrecio]

Hello @engcom-Bravo , you have only warning because the config: cms/wysiwyg/force_valid have the value = 0,

By default is 0 due the config in file: config.xml

But if you change the value to: 1, you will have the error that I show.

Yo can check \Magento\Cms\Model\Wysiwyg\Validator::validate to check it out the behaviour:

[engcom-Bravo]

Hi @osrecio,

Thanks for your reporting and collaboration.

We have verified the issue in Latest 2.4-develop instance and the issue is reproducible.Kindly refer the screenshots.

While saving the page getting below error :

Content HTML contains restricted elements. Invalid value provided for attribute class

Hence Confirming the issue.

Thanks.

[github-jira-sync-bot]

✅ Jira issue https://jira.corp.adobe.com/browse/AC-13395 is successfully created for this GitHub issue.

[m2-assistant]

✅ Confirmed by @engcom-Bravo. Thank you for verifying the issue.
Issue Available: @engcom-Bravo, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.