When I add the following in a Static HTML module body:
<div class="img-wrapper"> <figure> <img class="content-img" src="image.jpg" alt="grey image"/> </figure></div>
Then I close the page and re-open it it will suddenly be changed to the following automatically:
<div> <figure> <img src="image.jpg" alt="grey image" /> </figure></div>
I have never experienced this before, but this issue currently affects all my pages. Is there a workaround or is this a temporary bug?
Hi Jon,
Welcome to the Prismic community.
I'm not sure I've understood the issue. Can you please tell us where you are trying to add this static HTML code? are trying to add this to a field? What kind of Prismic field.
More importantly, It would be helpful to explain to us the use-case you are trying to implement.
Looking forward to your reply,
Fares
Hi Fares,
Thank you for the reply.
I'm using a static html module in the standard Prismic page editor. I'm making a simple article page. Now and then I need a custom element and will insert it using standard html code. We have used this for many pages previously and the bug seems to affect all pages we have in the system. The bug first arose two days ago and it started deleting all class attributes from all my html elements. See attached screenshot.
Thank you for the clarifications; actually, this is not a way that we recommend, and It is possible that stripping those classes is related to some security fixes that we have deployed recently.
Anyway, I have created an issue to investigate this, but I don't think that we are going to fix it in the future, but we will let you know in case of any updates.
You can also use Slice variation feature to give content writers some flexibility, but all depends on the use-case you are implementing.
Please let us know if you have any other questions,
Fares
Hi Fares,
Is there any updates on this issue? Can you let us know if this is going to be fixed or not?
Thanks
Sorry for the delay @joseph.zammit I've checked with our dev team and they have asked if this also happens if the code is marked as “preformated” can you try that?
Our team just noticed this as well. Initially entering the class to element(s) does apply it to the rendered html, and although it is stripped (visually) when we re-open, the classes continue to render out in the html ... as long as we don't make further edits to the field.
So, it appears the attribute is stripped in the editor, but persists in the data, as long as we don't overwrite the field with new data.
I'll investigate the preformated suggestion (admittedly, I'm not sure I understand that yet), but we're interested in this conversation, so I'm watching it for now.
Hi @jgarguilo,
I have already reported this to our dev team, and we will let you know once we get any updates.
Hello! We are seeing something very similar, and it's breaking our workflow.
(Note: Although we don't want to have some "raw HTML" input fields, there are some scenarios where the Prismic UI is overly-restrictive, and therefore having a "raw HTML input via a Key Text field is simply the only pragmatic solution for us. For example, the rich text editor does not let us input CTAs, or tables, or input forms, or all sorts of other things that might be needed.)
This sounds likely to me. However, if that's the case then I think your security fix needs to be implemented differently; Prismic should never be changing the raw data entered into Key Text fields (or any other fields, for that matter!).
In particular, what we have found is:
A non-repeatable section Key Text field does not perform any sort of "HTML sanitisation", which is correct/expected behaviour.
A repeatable section Key Text field is trying to "sanitise" the HTML, which is incorrect. For example, <a class="foo" href="/">Hello</a> is being sanitised into <a href="/">Hello</a>.
I believe this bug closely relates to this report from a month ago: Key text field characters stripped on render
Could we please get an ETA on when the bug is likely to be addressed?
Hi,
I have added your inquiry to the issue and notified the production team, and we will let you know in case of any updates.
We're also hitting this bug.
I've creeated a new empty repository, with a single custom type and a single key text field here:
https://keyfield-test.prismic.io/
The error is evident, any attribute given to a tag (tested with div and a tags) will be deleted and if the page is saved the contents are destroyed. I've tested this with class and data-src atrtibutes.
Hi @developers6,
It seems this is a known bug:
The only workaround for this at the minute is to use a Rich Text field with the prefformatted text style for code snippets.
Thanks.
This thread is being monitored as an open ticket in the internal Prismic issue tracker. The Prismic support team will update this post as we get more information from our dev team. If you have a similar use-case, you can ‘Flag’ this topic to reopen and add it here.
