github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-06 10:44:33 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Comments: Added HTML filter on load, tinymce elem filtering

Browse Source 
- Added filter on load to help prevent potentially dangerous comment
  HTML in DB at load time (if it gets passed input filtering, or is
  existing).
- Added TinyMCE valid_elements for input wysiwygs, to gracefully degrade
  content at point of user-view, rather than surprising the user by
  stripping content, which TinyMCE would show, post-save.
This commit is contained in:
Dan Brown
2024-01-31 16:20:22 +00:00
parent e9a19d5878
commit 06901b878f
4 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
resources/js/wysiwyg/config.js
View File

@ -339,6 +339,7 @@ export function buildForInput(options) {
toolbar: 'bold italic link bullist numlist',
content_style: getContentStyle(options),
file_picker_types: 'file',
valid_elements: 'p,a[href|title],ol,ul,li,strong,em,br',
file_picker_callback: filePickerCallback,
init_instance_callback(editor) {
addCustomHeadContent(editor.getDoc());