RADEditor in Sitefinity 10.1.6500.x removes mailto links upon save

Question

In Sitefinity 10.1.65xx.x (including 10.1.6523.0), the RADEditor removes mailto: links from a dynamic content when you save it.

Here are the steps to reproduce the issue:

1. Create a new project using Sitefinity Project Manager for Sitefinity 10.1.6500.0 or 10.1.6502.0 or 10.1.6523.0.
2. Login in to the backend GUI and go to Content > News and create a new news post.
3. Type some text and select it and choose the Insert Link button.
4. Choose the type of link as Email Link and give some email address there and insert it.
5. If you switch to HTML view now, you can see the tag as something like <a href="mailto:<whatever-email-given>">Text</a>.
6. Click the Save as Draft button.

You should see that the contents have changed to <a>Text</a>. Essentially the mailto: is stripped off.

Normal links work perfectly fine. And this happens in all dynamic content types like News, Blog, etc. The Content Block widgets don't have this issue.

What is going on here? Can someone please clarify?

Answer 1

We raised the issue in Sitefinity's forums and this is what ensued:

http://www.sitefinity.com/developer-network/forums/general-discussions-/radeditor-in-sitefinity-10-1-6500-x-removes-mailto-links-upon-save#HlbQHcE3622pWP8AAERlJg

Apparently, a new Data Processing Framework layer is introduced in Sitefinity in 10.1.xxxx.x that is breaking Sitefinity's own functionality. I've no idea why a majority of the people weren't able to replicate the issue. But the solution involves extending the default XSS Sanitizer and adding the tel: and mailto: protocols to the default whitelist. The answer is described in detail here: https://knowledgebase.progress.com/articles/Article/Shared-Content-Block-and-Long-Text-Field-filters-HTML-even-after-setting-RadEditor-filters-to-None