Skip to content

Rich Text Editor Component: Hard Validation Mode for Server-Side Sanitization #3703

New issue
New issue
Open
Feature
Open
Rich Text Editor Component: Hard Validation Mode for Server-Side Sanitization#3703
Feature
Labels
enhancement
@andrewbrazzatti

Description

@andrewbrazzatti
andrewbrazzatti
opened on Feb 16, 2026

Summary

This issue tracks the implementation of a “hard validation mode” for the RichTextEditorComponent, where a validation error is returned if server-side sanitization modifies submitted content.

PR #3689 introduced the TipTap-based RichTextEditorComponent with client-side sanitization safeguards and loop prevention. Currently, if server-side sanitization alters submitted content, the system tolerates the change. In hard validation mode, this behaviour would instead result in a validation error, preventing silent mutation of user input.

This feature is particularly important for institutions with strict content integrity, compliance, or audit requirements.

Background

PR: #3689

The PR delivered:

  • RichTextEditorComponent integrated into the config-driven form framework
  • TipTap and ngx-tiptap integration
  • Markdown to HTML conversion and source mode support
  • Client-side sanitization safeguards
  • Synchronization with Angular form controls
  • Full unit test coverage
  • Internationalisation support for editor UI elements
  • CI updates for new :ci test commands

While sanitization is already performed, there is currently no strict enforcement mechanism when the server modifies content. This can lead to silent differences between what a user submits and what is ultimately stored.

Problem Statement

In environments with higher security or governance requirements, silently altering user-submitted rich text content on the server may be unacceptable.

Examples include:

  • Removal of disallowed HTML elements or attributes
  • Script stripping
  • Inline style filtering
  • Structural normalization of markup

In such cases, the system should:

  • Detect that sanitization has altered the submitted content
  • Reject the submission
  • Return a validation error indicating that the content must be corrected

This prevents data drift and ensures that stored content always matches user intent without silent mutation.

Objectives

  • Introduce a configurable hard validation mode for rich text fields
  • Detect when server-side sanitization modifies submitted content
  • Return a validation error instead of silently accepting sanitized content
  • Provide clear and actionable error messaging to end users
  • Maintain backward compatibility with existing behaviour by default

Proposed Scope

1. Sanitization Comparison Logic

  • Capture the original submitted content
  • Apply server-side sanitization
  • Compare original and sanitized output
  • Determine whether a meaningful difference exists

Define what constitutes a failure condition, for example:

  • Structural HTML changes
  • Attribute removal
  • Content removal

Clarify whether whitespace-only differences should be ignored.

2. Configuration Model

  • Extend the RichTextEditorComponent schema configuration to support a flag such as:

    • hardSanitizationValidation: true

  • Ensure the default behaviour remains non-breaking (soft mode)

3. Validation Behaviour

  • When hard mode is enabled:

    • Reject submission if sanitization alters content
    • Return a validation error from the API
    • Surface the error in the Angular form control state

  • Ensure error messages are:

    • Clear
    • Internationalised
    • Specific enough to guide correction

4. UI Feedback

  • Display validation errors inline within the form
  • Optionally provide contextual guidance, such as:
    • “Your content contains disallowed formatting”
    • “Please remove unsupported HTML elements”

5. Testing

  • Unit tests for sanitization comparison logic
  • Integration tests for form submission behaviour in hard mode
  • Regression tests ensuring existing soft behaviour remains unchanged
  • Edge case tests for markdown conversion and source mode interactions

Acceptance Criteria

  • A configuration flag enables hard validation mode
  • Submissions that are altered by server-side sanitization are rejected
  • Clear validation errors are returned to the client
  • Errors are displayed correctly in the Angular form
  • Existing behaviour remains unchanged when hard mode is disabled
  • Unit and integration tests cover the new behaviour
  • CI builds and tests pass

Out of Scope

  • Redesign of the sanitization library itself
  • Introduction of new TipTap extensions
  • Performance optimisations unrelated to validation logic

Notes

The implementation must ensure that content integrity is enforceable without introducing breaking changes for existing deployments unless explicitly configured.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancement

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions