Sanitize HTML in Wysiwyg #115
Comments
#114 fixes paste problems but removes formatting altogether. It's a very good thing but I reopen this for future improvements on content sanitization.
I don't understand @armellarcier. What are the future improvements?
@jacquesbh pasting could keep tags that are allowed ( Again, this could be part of a bigger issue/feature on the mere possibility to completely customize the editor.
Yes.
I agree with you but it's too complicated to do so. Especially if we allow
more tags and allow to change the default options of the editor.
Also, a tag is not only `<h1>` but could be `<h1 id="…" class="…"
data-*="…" …>` etc.
So I think we will keep it this way and we won't improve the pasting by
allowing some tags.
Unless somebody wants to provide a full PR for it, for me this subject is a
no go right now.
Sorry.
I always end up with such saved code when pasting text in the pell Wysiwyg editor.
I think this should be cleaned up automatically without any user configuration needed as it seems to be the philosophy of this plugin to prevent UI breaking due to bad "client" content management. And it would be a security improvement.
Could be done through JS sanitizing on `change` events, `onpaste` events (downvote from me) with a lib like https://github.com/apostrophecms/sanitize-html, and/or server-side. It may be good to override the behavior and allow a specific list of tags/attributes in userland also.
jaredreich/pell#53
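
The allowlist approach discussed in this thread (keep permitted tags, drop attributes such as `id`, `class` and `data-*` unless explicitly allowed), as an added example that is not code from this plugin, pell or sanitize-html. The names `sanitizePaste`, `ALLOWED_TAGS`, `ALLOWED_ATTRS`, `SAFE_URL` and the sample paste are assumptions made for illustration.

```javascript
// Added example: allowlist sanitizer for pasted HTML (hypothetical names, not the plugin's code).
// Output is built only from bare allowlisted tags, validated attributes and escaped text.
const ALLOWED_TAGS = new Set(['p', 'br', 'strong', 'em', 'ul', 'ol', 'li', 'h1', 'h2', 'a']);
const ALLOWED_ATTRS = { a: ['href'] }; // assumed default: every other attribute is dropped
const SAFE_URL = /^(https?:\/\/|mailto:)/i;

// Text nodes: neutralise markup characters; existing entities stay as they are.
const escapeText = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Keep only allowlisted, double-quoted attributes; href must match SAFE_URL literally,
// so entity-encoded schemes such as "&#106;avascript:" are rejected too.
function keepAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag] || [];
  const seen = new Set();
  let out = '';
  for (const [, name, value] of rawAttrs.matchAll(/([a-zA-Z-]+)\s*=\s*"([^"]*)"/g)) {
    const n = name.toLowerCase();
    if (!allowed.includes(n) || seen.has(n)) continue;
    if (n === 'href' && !SAFE_URL.test(value)) continue;
    seen.add(n);
    out += ` ${n}="${escapeText(value)}"`;
  }
  return out;
}

function sanitizePaste(html) {
  const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let out = '';
  let last = 0;
  for (const m of html.matchAll(TAG)) {
    out += escapeText(html.slice(last, m.index)); // text before this tag
    last = m.index + m[0].length;
    const tag = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue; // unknown tag: drop the tag, keep its text
    out += m[1] ? `</${tag}>` : `<${tag}${keepAttrs(tag, m[3])}>`;
  }
  return out + escapeText(html.slice(last)); // trailing text, including unterminated tags
}

// Constructed sample of what a paste from a web page or word processor can contain.
const pasted = '<h1 id="t" class="x" style="color:red" onclick="steal()">Title</h1>' +
  '<p><span data-foo="1">Hello</span> <a href="javascript:alert(1)">bad</a> ' +
  '<a href="https://example.com/" target="_blank">ok</a></p><script>alert(1)</script>';
console.log(sanitizePaste(pasted));
```

The body of a dropped `<script>` survives only as inert text. In the editor itself the same allowlist would normally be enforced with a real HTML parser or a maintained library such as sanitize-html, and again server-side before storage.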