
Sanitize HTML in Wysiwyg #115

Open

armellarcier opened this issue Nov 26, 2020 · 4 comments

Comments

@armellarcier

I always end up with such saved code when pasting text in the pell Wysiwyg editor.

<p><span style="color: rgb(0, 0, 0); font-family: &quot;Open Sans&quot;, Arial, sans-serif; text-align: justify;">Sed interdum turpis a arcu cursus ultricies. Ut nec augue interdum, tempor tortor id, rhoncus ipsum. Donec viverra, nibh a elementum scelerisque, nisi erat ullamcorper lorem, vel molestie magna purus vel dolor. Praesent vel risus congue, gravida mi eu, consequat ligula. Donec dolor metus, tempor in finibus sed, mattis et felis. Sed convallis erat vitae sapien venenatis sodales. Etiam eu facilisis est. Aenean nec ex vestibulum, convallis lectus vitae, porttitor turpis.</span></p>

I think this should be cleaned up automatically without any user configuration needed as it seems to be the philosophy of this plugin to prevent UI breaking due to bad "client" content management. And it would be a security improvement.

Could be done through JS sanitizing on change events, on paste events (downvote from me) with a lib like https://github.com/apostrophecms/sanitize-html, and/or server-side.

It may be good to override the behavior and allow a specific list of tags/attributes in userland also.

jaredreich/pell#53

armellarcier changed the title from "Sanitize HTML ini Wysiwyg" to "Sanitize HTML in Wysiwyg" on Nov 26, 2020

@armellarcier (Author)

armellarcier commented Nov 26, 2020

#114 fixes paste problems but removes formatting altogether. It's a very good thing but I reopen this for future improvements on content sanitization.

@jacquesbh (Member)

I don't understand @armellarcier. What are the future improvements?

@armellarcier (Author)

@jacquesbh pasting could keep tags that are allowed (h1,…) and only sanitize the rest instead of just pasting only raw text from the clipboard.

Again, this could be part of a bigger issue/feature on the mere possibility to completely customize the editor.
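The behaviour proposed in this comment (keep an allowed set of tags such as h1, strip everything else, but keep the text inside stripped tags), shown as an added example that is not code from this project, from pell, or from sanitize-html. It is a plain JavaScript allowlist sanitizer so it runs without a DOM; the tag and attribute lists, the SAFE_URL rule for href values, and the installPasteSanitizer hook name are assumptions for illustration, and the sample inputs in the comments are constructed.

```javascript
// Added example: allowlist-based HTML sanitizer for pasted WYSIWYG content.
// Tags not in ALLOWED_TAGS are removed but their text is kept (so a pasted
// <span style="..."> becomes plain text inside its <p>); tags in
// DROP_WITH_CONTENT are removed together with their contents.
// The lists below are assumed defaults, not this project's configuration.
const ALLOWED_TAGS = new Map([
  ['p', []], ['br', []], ['b', []], ['strong', []], ['i', []], ['em', []], ['u', []],
  ['h1', []], ['h2', []], ['h3', []], ['ul', []], ['ol', []], ['li', []], ['blockquote', []],
  ['a', ['href', 'title']],
]);
const DROP_WITH_CONTENT = new Set(['script', 'style', 'iframe', 'object', 'embed']);
// href values must be http(s), mailto, a site-relative path or a fragment.
const SAFE_URL = /^(?:https?:|mailto:|\/|#)/i;

// Matches an HTML comment, or an open/close tag with its raw attribute text.
const TAG_RE = /<!--[\s\S]*?-->|<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
// Matches name="value", name='value', name=value or a bare name.
const ATTR_RE = /([a-zA-Z][\w:-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Text between tags is already entity-encoded HTML; only stray angle brackets
// need escaping so they cannot be reparsed as tags.
function escapeText(text) {
  return text.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function escapeAttr(value) {
  return value.replace(/"/g, '&quot;');
}

// Keep only the attributes allowed for this tag; style, class and on* handlers
// are never in the allowlist and are dropped here.
function sanitizeAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_TAGS.get(tag);
  const kept = [];
  for (const m of rawAttrs.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    if (!allowed.includes(name)) continue;
    if (name === 'href' && !SAFE_URL.test(value.trim())) continue;
    kept.push(` ${name}="${escapeAttr(value)}"`);
  }
  return kept.join('');
}

function sanitizeHtml(html) {
  let out = '';
  let last = 0;
  let skipping = null; // name of the DROP_WITH_CONTENT tag whose body is being discarded
  for (const m of html.matchAll(TAG_RE)) {
    const [token, rawName, rawAttrs] = m;
    const text = html.slice(last, m.index);
    last = m.index + token.length;
    if (skipping === null) out += escapeText(text);
    if (rawName === undefined) continue; // HTML comment: drop it
    const name = rawName.toLowerCase();
    const isClose = token.startsWith('</');
    if (skipping !== null) {
      if (isClose && name === skipping) skipping = null;
      continue;
    }
    if (DROP_WITH_CONTENT.has(name)) {
      if (!isClose) skipping = name;
      continue;
    }
    if (!ALLOWED_TAGS.has(name)) continue; // disallowed tag: drop the tag, keep its text
    out += isClose ? `</${name}>` : `<${name}${sanitizeAttrs(name, rawAttrs)}>`;
  }
  if (skipping === null) out += escapeText(html.slice(last));
  return out;
}

// Browser hook (assumed name, not pell's API): replace the default paste with a
// sanitized insertHTML, and let the browser handle pastes that carry no HTML.
function installPasteSanitizer(editorElement) {
  editorElement.addEventListener('paste', (event) => {
    const html = event.clipboardData.getData('text/html');
    if (!html) return;
    event.preventDefault();
    document.execCommand('insertHTML', false, sanitizeHtml(html));
  });
}

// Constructed sample, mirroring the pasted markup quoted at the top of this issue:
// sanitizeHtml('<p><span style="color: rgb(0, 0, 0);">Sed interdum</span></p>')
// returns '<p>Sed interdum</p>'.
```

Running the sanitizer on change events instead of (or in addition to) paste events only needs `sanitizeHtml(editorElement.innerHTML)`; the tag list is the single place a userland override would plug into, which is what the comment above asks for.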

@jacquesbh (Member)

jacquesbh commented Nov 26, 2020 via email
