HTML lost in WYSIWYG mode about tui.editor HOT 9 CLOSED

@ViggoV Not at all. Any questions are welcome.
Check https://github.com/nhnent/tui.editor/blob/master/src/js/htmlSanitizer.js to see which rules are applied.

I think the rules are a bit defensive because we did not have enough time to make it fine grind.
It may be a good time / place to discuss.

from tui.editor.

Yes putting html in MD is valid. But currently we have some rules sanitizing html tag except something like <span style="color~~~ > which is needed to color text while switching mode.
I'll discuss about this problem with our team members.

Thanks for the issue :)

from tui.editor.

@kyuwoo-choi sorry if this is the wrong place to ask, but are these sanitizing rules documented somewhere? We are looking to use tui to update news on our website and are quite interested in knowing how html tags are treated, mainly in terms of vulnerabilities..

from tui.editor.

In addition to the rules, we should consider the way html2md, md2html and how to treat the tags while editing tags in WYSIWYG mode.

from tui.editor.

Thanks! I can't help but notice that you strip form, button, select and textarea but apparently not input.. Is that on purpose?

from tui.editor.

@ViggoV Nothing I remember. I think I will investigate the commits. Thanks!

from tui.editor.

Hello

Same question and didn't find how to deal with it. Can somebody help please ?

I try to edit a file like, f.i.,

# TOC
<div>TEST</div>

The editor has removed the HTML tag so display :

# TOC
TEST

If I save that content, I'll lose my original content.

My problem : I'm using span, div, img and also my own tag called "" and I wish to be able to keep them in the editor.

Note : I didn't see any difference by setting useDefaultHTMLSanitizer to false in my constructor.

	var editor = new tui.Editor({
		...
		"useDefaultHTMLSanitizer": false
		...
	});

Thank you!

from tui.editor.

Hi all,

I've write a workaround to bypass my problem.

In my HTML content, I've escape tags : my #sourceMarkDown DOM element contains thus somethink like

<encrypt>MyPassword</encrypt>

In JS, I've :

var editor = new tui.Editor({
    "el": document.querySelector('#editorMarkDown'),	
    "useDefaultHTMLSanitizer": false,	
    "events": {
        "load": fnPluginEditLoaded
     }
});

(not sure that useDefaultHTMLSanitizer is working, don't see the difference if enabled or not)

The fnPluginEditLoaded() function looks like this :

function fnPluginEditLoaded(editor) {
    var $MD = $('#sourceMarkDown').text();

    $MD = $MD
        .replace(/&lt;/g,'<')
        .replace(/&gt;/g,'>')
        .replace(/&amp;/g,'&');

    editor.setValue($MD);

    return true;
}

Not sure that it's the best way to achieve it but, ok, now, I can continue my migration.

Markdown files that have HTML tags in their content can be edited through tui.editor.

Thanks for this amazing tool (y)

from tui.editor.

This issue is old and will be closed. If there is an issue again, please register as a new issue.

from tui.editor.