archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-29 22:29:57 +00:00
Code Issues Projects Releases Wiki Activity

Comments: Added HTML filter on load, tinymce elem filtering

Browse source 
- Added filter on load to help prevent potentially dangerous comment
  HTML in DB at load time (if it gets passed input filtering, or is
  existing).
- Added TinyMCE valid_elements for input wysiwygs, to gracefully degrade
  content at point of user-view, rather than surprising the user by
  stripping content, which TinyMCE would show, post-save.
This commit is contained in:
Dan Brown 2024-01-31 16:20:22 +00:00
parent e9a19d5878
commit 06901b878f
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
4 changed files with 27 additions and 4 deletions
resources/js/wysiwyg
config.js

1
resources/js/wysiwyg/config.js
View file

@ -339,6 +339,7 @@ export function buildForInput(options) {
toolbar: 'bold italic link bullist numlist',
content_style: getContentStyle(options),
file_picker_types: 'file',
valid_elements: 'p,a[href|title],ol,ul,li,strong,em,br',
file_picker_callback: filePickerCallback,
init_instance_callback(editor) {
addCustomHeadContent(editor.getDoc());