
TYPO3 Core Security Update from 9.5.28 to 9.5.29 breaks email links from CKeditor. Href removed from A-Tag


E-Mail link in frontend from Ckeditor in TYPO3 Core 9.5.28:

<p><a href="javascript:linkTo_UnCryptMailto(%27rfnqyt%5C%2FyjxyEyjxy3ij%27);">E-Mail Link</a></p>

E-Mail link in frontend from Ckeditor in TYPO3 Core 9.5.29:

<p><a>E-Mail Link</a></p>

The href attribute is completely removed from the a-tag.

Render definition in my Fluid template:

<f:format.html parseFuncTSPath="lib.parseFunc">{bodytext}</f:format.html>

I think the problem results from the following changes: https://github.com/typo3/typo3/commit/ac8f1fc3ac

  • Can anyone confirm the erratic behavior?
  • Do I need to change anything in my fluid template?

Currently I have downgraded the project back to 9.5.28. Here everything works as it should.

Version 10 is probably also affected. I have not checked that yet.


Solution

  • I've compiled an overview of current topics related to HTML sanitization in the recent TYPO3 versions 11.3.2, 10.4.19 and 9.5.29.

    → see https://github.com/TYPO3/html-sanitizer/issues/23

    Besides that, I'd like to encourage folks to create bug reports at forge.typo3.org instead of posting them on StackOverflow. Thanks!


    Update Aug 16th, 2021
    New TYPO3 versions have been released addressing this topic; please see https://typo3.org/article/typo3-10420-9530-and-1133-maintenance-releases-published for details and the change-per-version matrix attached to it.
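
The before/after markup in the question can be reproduced with a small model of href scheme allow-listing. This is an added example, not code from TYPO3 or typo3/html-sanitizer; the allow-list and the names `HrefSchemeFilter`, `sanitize` and `ALLOWED_SCHEMES` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list for this sketch; the real sanitizer's rules may differ.
ALLOWED_SCHEMES = {"", "http", "https", "mailto", "tel"}
# Frontend markup quoted in the question (TYPO3 9.5.28 output).
SAMPLE = '<p><a href="javascript:linkTo_UnCryptMailto(%27rfnqyt%5C%2FyjxyEyjxy3ij%27);">E-Mail Link</a></p>'

class HrefSchemeFilter(HTMLParser):
    """Re-emit HTML, dropping <a href> values whose scheme is not allow-listed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []  # output chunks, removed href values

    @staticmethod
    def allowed(value):
        # Browsers ignore tab/CR/LF inside URLs, so remove them before parsing.
        cleaned = "".join(c for c in (value or "") if c not in "\t\r\n").strip()
        try:
            return urlsplit(cleaned).scheme.lower() in ALLOWED_SCHEMES
        except ValueError:  # malformed URL: fail closed
            return False

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if tag == "a" and name == "href" and not self.allowed(value):
                self.dropped.append(value)  # keep the tag, lose the attribute
                continue
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # void element: no closing tag

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html):  # -> (sanitized_html, removed_href_values)
    f = HrefSchemeFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.dropped

print(sanitize(SAMPLE)[0])  # <p><a>E-Mail Link</a></p>
```

Under the assumed allow-list, the second return value lists every link target that was removed, which makes it easy to find affected content elements before an upgrade.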