Skip to content
Snippets Groups Projects
Commit 6991f300 authored by qsm-odoo's avatar qsm-odoo
Browse files

[FIX] web, *: review Bootstrap tooltip/popover sanitization 

* website_sale_comparison

The Bootstrap sanitization introduced with BS 4.3.1 was disabled with
https://github.com/odoo/odoo/commit/36caf5fc16b5a95a0bf37f08f0caf974683b2df6
https://github.com/odoo/odoo/commit/ee94decd30c4514d5bc410b1652bc6464bb600aa



This commit re-enables it by default but extends it to accept more
common tag names like tables and buttons. If a specific tooltip or
popover must accept custom tags or attributes (such as data-* attributes
required by a related JS), they must be supplied through the whitelist
BS parameter explicitely (see example with website_sale_comparison in
this commit).

Note: data-oe-* attributes are also whiteListed by default.

We cannot disable sanitization because bootstrap uses tooltip/popover
DOM attributes in an "unsafe" way.

closes odoo/odoo#37631

Signed-off-by: default avatarOlivier Dony (odo) <odo@openerp.com>
parent 28931034
Branches
Tags
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment