Rich Text Editor Component

Overview

Starting in 24.2, the Styled Text Editor Component is available directly in the product. Consider using this in place of the plug-in moving forward.

For more information, review: https://docs.appian.com/suite/help/latest/Styled_Text_Editor_Component.html

Displays a field that lets users type text and format it with a variety of style options. Output is saved as HTML. To get the raw character output, designers can use the Appian function fn!stripHtml() on the output.
HTML output can be passed into the Send E-Mail node or document generation smart services. Note that not all formats supported by the Rich Text Editor component may be supported by e-mail or document generation.
Allows uploading of images, which are stored in the specified Appian folder (requires a separate install of the Rich Text Editor Connected System Plugin from https://community.appian.com/b/appmarket/posts/rich-text-editor-image-upload-connected-system).

Visit https://community.appian.com/w/the-appian-playbook/1378/end-user-rich-text-editor-component for more information.

Key Features & Functionality

  • Component: fn!richTextField()
  • Allows for size validation
  • Allows for adjustable height
  • Allows for read-only / editable view
  • Supported font formats: "header", "size", "bold", "italic", "underline", "strike", "color", "background", "link", "align", "indent", "list"
  • Designer control over the allowed formats

Supported Browsers: Chrome, Firefox, Edge, Safari
Supported on Mobile

  • Hi Team,

    We found one medium security risk vulnerability when we ran the scan.

    Vulnerability ID: BDSA-2021-1834

    Can you fix this from your end?

  • Please provide more details about that vulnerability. If this is a CVE, it would be helpful if you could link to it on https://cve.mitre.org/. I tried searching for "BDSA-2021-1834" but got no results.

  • We have this same vulnerability reported on the latest May 2024 scan. Can we have a resolution for this issue?

    BDSA-2021-1834

    Quill is vulnerable to stored cross-site scripting (XSS) because it does not correctly sanitize user input before it is processed. An attacker could exploit this flaw to execute malicious JavaScript code in a victim's browser, which can result in the theft of session tokens or cookies. **Note**: the vendor disputes this issue, asserting that potentially dangerous content should be sanitized before being passed and loaded into the Quill editor.
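
The advisory text quoted in the thread above places sanitization on the caller, before content reaches the editor. One way to do that is an allowlist pass over the stored HTML, shown here as an added example that is not code from Appian, the plug-in or Quill. The tag list, the `ql-*` class pattern, the style pattern and the helper name `sanitize` are assumptions modelled on the formats listed under Key Features.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumption: tags/attribute values a Quill-style editor emits for this page's formats.
ALLOWED_TAGS = {"p", "br", "h1", "h2", "h3", "h4", "h5", "h6", "strong", "em",
                "u", "s", "span", "a", "ol", "ul", "li"}
DROP_CONTENT = {"script", "style"}  # discard the element body as well
ATTR_RULES = {
    "href": re.compile(r"(?i)(https?://|mailto:)\S+"),  # relative URLs are dropped
    "class": re.compile(r"(ql-(align|indent|size)-[a-z0-9]+ ?)+"),
    "style": re.compile(r"(background-)?color: ?(#[0-9a-fA-F]{3,6}|rgb\([\d, ]{5,13}\));?"),
}

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def _attrs(self, tag, attrs):
        kept = ""
        for name, value in attrs:  # no rule (on*, src, id, ...) means dropped
            rule, value = ATTR_RULES.get(name), (value or "").strip()
            if rule and rule.fullmatch(value) and (name != "href" or tag == "a"):
                kept += f' {name}="{escape(value, quote=True)}"'
        return kept

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"<{tag}{self._attrs(tag, attrs)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html_text):  # hypothetical helper name
    parser = _Sanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

SAMPLE = '<p onclick="x()">Hi <img src=x onerror=alert(1)><a href="javascript:alert(1)">link</a></p>'  # constructed input
```

Because the output is rebuilt from parsed tokens, anything outside the allowlist never reaches the stored value; run the pass before stored HTML is loaded into the editor or handed to e-mail or document generation.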
