OverviewStarting in 24.2, the Styled Text Editor Component is available directly in the product. Consider using this in place of the plug-in moving forward. For more information, review: https://docs.appian.com/suite/help/latest/Styled_Text_Editor_Component.html
Visit https://community.appian.com/w/the-appian-playbook/1378/end-user-rich-text-editor-component for more information. If you have any problems installing or using the component, please see the https://community.appian.com/w/the-appian-playbook/1603/rich-text-editor-component-plug-in-troubleshooting-guide
Key Features & Functionality
Supported Browsers: Chrome, Firefox, Edge, SafariSupported on Mobile
This is a limitation of the component plug-in framework. We added a note in the docs community.appian.com/.../end-user-rich-text-editor-component that says: The required field shows or hides the asterisk indicating if the component is required but does not enforce requiredness. To enforce requiredness, use the parameter "validations". To enforce requiredness only upon submission, use section or form-level validations.
I am unable to get the required field to stop a form from submitting. Is there possibly something wrong with this plugin? Looking to see if anyone else has had this problem before.
Hello - I believe this is the same issue we discussed down below in May. Here's what I wrote below:
I searched and I think this is the CVE you're referring to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3163
If it's not, please let me know.
That CVE talks about storing an XSS payload via an onloadstart attribute of an IMG element. That is not exploitable by the Rich Text Editor plugin. The plugin enforces an allow-list of possible HTML elements that can be used. Anything that doesn't match the allow-list will be sanitized and removed.
Also, if you follow the links to the related Issue on the Quill repository, https://github.com/quilljs/quill/issues/3364, you'll see that this is only an issue "if untrusted content is loaded". That's not the case with the Rich Text Editor. Snyk has updated to say "this was deemed not a vulnerability": security.snyk.io/.../SNYK-JS-QUILL-1245047
Long story short, this issue with the underlying Quill library isn't exploitable in the Rich Text Editor.
Quill is vulnerable to stored cross-site scripting (XSS) because it does not correctly sanitize user input before it is processed. An attacker could exploit this flaw to execute malicious JavaScript code in a victim's browser, which can result in the theft of session tokens or cookies.
Please provide more details about that vulnerability. If this is a CVE, it would be helpful if you could link to it on https://cve.mitre.org/. I tried searching for "BDSA-2021-1834" but got no results.
Hi Team,
We found one medium security risk vulnerability when we run the scan,
Vulnerability id-BDSA-2021-1834
can you fix this from your end.
Hi Marco - are you able to take a screenshot of the Network tab of the developer console and send that?
Hello - please refer to the Troubleshooting Guide and follow the steps outlined there. Hopefully that'll help you resolve your issue: community.appian.com/.../rich-text-editor-component-plug-in-troubleshooting-guide
Hello,
I'm trying to use this plug-in but when I add the richTextField component to an interface nothing is displayed:
Can you please advise what I am missing.
Thank you.
Hi Marco - I see a 403 error in the console which means some request was forbidden. To understand where that's coming from, can you show us the output of the Network tab please?