is HTML exported sanitized? #4534
-
|
The html got from |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
@acywatson @fantactuka @thegreatercurve @tylerjbainbridge @ivailop7 @zurfyx |
Beta Was this translation helpful? Give feedback.
-
|
While there are certainly some good practices like ignoring the 'script' tag when parsing the HTML: For all intended purposes, in my understanding, the HTML is not sanitized. The core nodes do use safe tags, but given the flexibility the decorator node gives, it should be the user's responsibility for due diligence of the plugins you are adding in your editor. |
Beta Was this translation helpful? Give feedback.
-
|
@toddteller Does this also answer your question? I'm satisfied with this one. |
Beta Was this translation helpful? Give feedback.
-
|
how can i use dompurify to make sure the html is sanitized in a way that make it safe to store and safe for collaborative editing ? thank you <3 |
Beta Was this translation helpful? Give feedback.
While there are certainly some good practices like ignoring the 'script' tag when parsing the HTML:
and some limited URL sanitization.
For all intended purposes, in my understanding, the HTML is not sanitized. The core nodes do use safe tags, but given the flexibility the decorator node gives, it should be the user's responsibility for due diligence of the plugins you are adding in your editor.