Link Elements Not Correctly Validated

[sprankhub]

When using this module, a tags are not correctly validated any more. If the module is disabled, <a href="https://www.google.de" asdsadds="asdasddsa">link</a> will be replaced with <a href="https://www.google.de">link</a> when the editor is toggled, because asdsadds is obviously not a valid attribute. However, when the module is enabled, the invalid attribute asdsadds will be kept and not stripped. This happens, because in the following line, many new allowed tags are added, which all allow all attributes:

magento2-wysiwyg-svg/src/Plugin/AllowSvgInWysiwyg.php

Line 36 in 9c389b1

$settings['extended_valid_elements'] = $extendedSettings . implode(',', $this->buildExtendedValidElements());

The following is added to extended_valid_elements:

svg[*],a[*],animate[*],animateMotion[*],animateTransform[*],circle[*],clipPath[*],defs[*],desc[*],ellipse[*],feBlend[*],feColorMatrix[*],feComponentTransfer[*],feComposite[*],feConvolveMatrix[*],feDiffuseLighting[*],feDisplacementMap[*],feDistantLight[*],feFlood[*],feFuncA[*],feFuncB[*],feFuncG[*],feFuncR[*],feGaussianBlur[*],feImage[*],feMerge[*],feMergeNode[*],feMorphology[*],feOffset[*],fePointLight[*],feSpecularLighting[*],feSpotLight[*],feTile[*],feTurbulence[*],filter[*],foreignObject[*],g[*],image[*],line[*],linearGradient[*],marker[*],mask[*],metadata[*],mpath[*],path[*],pattern[*],polygon[*],polyline[*],radialGradient[*],rect[*],set[*],stop[*],style[*],switch[*],symbol[*],text[*],textPath[*],title[*],tspan[*],use[*],view[*]

a[*] says that all attributes on the a tag should be allowed. This is probably not what you want to do, @Vinai?

[Vinai]

No, it's not. It is used to allow a tags including any nested tags. Thanks for opening the issue, I'll need to refine the valid elements patterns. Not sure when I'll be able to get around to it yet.