Comments (9)
@ViggoV Not at all. Any questions are welcome.
Check https://github.com/nhnent/tui.editor/blob/master/src/js/htmlSanitizer.js to see which rules are applied.
I think the rules are a bit defensive because we did not have enough time to make it fine grind.
It may be a good time / place to discuss.
from tui.editor.
Yes putting html in MD is valid. But currently we have some rules sanitizing html tag except something like <span style="color~~~ >
which is needed to color text while switching mode.
I'll discuss about this problem with our team members.
Thanks for the issue :)
from tui.editor.
@kyuwoo-choi sorry if this is the wrong place to ask, but are these sanitizing rules documented somewhere? We are looking to use tui to update news on our website and are quite interested in knowing how html tags are treated, mainly in terms of vulnerabilities..
from tui.editor.
In addition to the rules, we should consider the way html2md, md2html and how to treat the tags while editing tags in WYSIWYG mode.
from tui.editor.
Thanks! I can't help but notice that you strip form
, button
, select
and textarea
but apparently not input
.. Is that on purpose?
from tui.editor.
@ViggoV Nothing I remember. I think I will investigate the commits. Thanks!
from tui.editor.
Hello
Same question and didn't find how to deal with it. Can somebody help please ?
I try to edit a file like, f.i.,
# TOC
<div>TEST</div>
The editor has removed the HTML tag so display :
# TOC
TEST
If I save that content, I'll lose my original content.
My problem : I'm using span, div, img and also my own tag called "" and I wish to be able to keep them in the editor.
Note : I didn't see any difference by setting useDefaultHTMLSanitizer
to false in my constructor.
var editor = new tui.Editor({
...
"useDefaultHTMLSanitizer": false
...
});
Thank you!
from tui.editor.
Hi all,
I've write a workaround to bypass my problem.
In my HTML content, I've escape tags : my #sourceMarkDown DOM element contains thus somethink like
<encrypt>MyPassword</encrypt>
In JS, I've :
var editor = new tui.Editor({
"el": document.querySelector('#editorMarkDown'),
"useDefaultHTMLSanitizer": false,
"events": {
"load": fnPluginEditLoaded
}
});
(not sure that useDefaultHTMLSanitizer
is working, don't see the difference if enabled or not)
The fnPluginEditLoaded() function looks like this :
function fnPluginEditLoaded(editor) {
var $MD = $('#sourceMarkDown').text();
$MD = $MD
.replace(/</g,'<')
.replace(/>/g,'>')
.replace(/&/g,'&');
editor.setValue($MD);
return true;
}
Not sure that it's the best way to achieve it but, ok, now, I can continue my migration.
Markdown files that have HTML tags in their content can be edited through tui.editor.
Thanks for this amazing tool (y)
from tui.editor.
This issue is old and will be closed. If there is an issue again, please register as a new issue.
from tui.editor.
Related Issues (20)
- Drag & Drop and Paste of Images renders as Base64 without addImageBlobHook in Firefox HOT 1
- Optionally Support rendered inline math using $$.
- Numbered List Issues
- Make base64 encoded images collapsible
- Select in a cell cause error : Uncaught TypeError: Class constructor Selection cannot be invoked without 'new'
- Any fork of this project? HOT 1
- Inserted Image via URL does not show/load on WYSIWYG only editor
- WYSIWYG mode no character escaping
- Support React@18
- enhance the initial table redring
- customHTMLRenderer behavior in Markdown vs WYSIWYG mode
- 표 내부 텍스트 영역 선택 시, 전체 인식 이슈
- getHTML() Method in Toast-UI/Editor Returns Unexpected Value When Editor is Empty HOT 1
- Multiline XML opening tag is not escaped
- 에디터에서 사진 드래그 앤 드랍 막기.
- Specific HTML input breaks WYSIWYG usability
- Does Toast-UI Editor supports dark theme? HOT 1
- [SyntaxError: Unexpected token] on toastui-editor.css
- [ASK] Word Counter and Character
- bold text is not showed correctly in viewer HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tui.editor.