Vulnerability in EPiServer.Forms
I have a custom property built like this one here:http://world.episerver.com/blogs/Henrik-Fransas/Dates/2014/11/how-to-use-tinymce-in-a-custom-property-the-episerver-wayclean-version/
I have noticed now that when there are no value inputed by the editors I get this value from tinymce:
I have found that that has something to do with the inline=true setting but I can not see that I get that value from the "standard" xhtml-property.Read more here: http://stackoverflow.com/questions/20008384/tinymce-how-do-i-prevent-br-data-mce-bogus-1-text-in-editor
Anyone know how EPiServer handles this?
There is not so much magic going on collecting the value from the editor. We have added one plugin called epitrailing to make it easier to get the cursor to the end of the content and that does some cleaning up of empty tags. Apart from that most "fixing" of the html happens in the parser/serializer inside of TinyMCE when you call getContent()