Fix: default whitelist JiHong88#1408

onedark23 · Aug 12, 2024 · a96accf · a96accf
1 parent d4916d0
commit a96accf
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/src/lib/core.js b/src/lib/core.js
@@ -5927,7 +5927,9 @@ export default function (context, pluginCallButtons, plugins, lang, options, _re
             // set whitelist
             const getRegList = function (str, str2) { return !str ? '^' : (str === '*' ? '[a-z-]+' : (!str2 ? str : (str + '|' + str2))); };
             // tags
-            const defaultAttr = 'contenteditable|colspan|rowspan|target|href|download|rel|src|alt|class|type|controls|origin-size';
+            const videoAttr = '|controls|autoplay|loop|muted|poster|preload|playsinline';
+            const iframeAttr = '|allowfullscreen|sandbox|loading|allow|referrerpolicy|frameborder|scrolling';
+            const defaultAttr = 'contenteditable|colspan|rowspan|target|href|download|rel|src|alt|class|type|origin-size' + videoAttr + iframeAttr;
             const dataAttr = 'data-format|data-size|data-file-size|data-file-name|data-origin|data-align|data-image-link|data-rotate|data-proportion|data-percentage|data-exp|data-font-size';
             this._allowHTMLComments = options._editorTagsWhitelist.indexOf('//') > -1 || options._editorTagsWhitelist === '*';
             // html check

diff --git a/test/dev/suneditor_build_test.js b/test/dev/suneditor_build_test.js
@@ -1027,14 +1027,24 @@ let s2 = window.s2 = suneditor.create(document.getElementById('editor2'), {
             html: '<p>Template 1</p>'
         }
     ],
+    videoUploadUrl: 'http://localhost:3000/editor/upload',
+    videoFileInput: true,
     // font: ['\'Exo 2\'', 'Sans-serif', 'Exo 2'],
     imageGalleryUrl: 'https://etyswjpn79.execute-api.ap-northeast-1.amazonaws.com/suneditor-demo',
+    videoTagAttrs: {
+        autoplay: true,
+        muted: true,
+    },
     // addTagsWhitelist: "fld|sort|sortType|lst|lstfld|header|section",
     lineAttrReset: 'class',
     imageAccept: '*/*',
-    value: `<p>Ôtez la <span style="color: rgb(235, 141, 117)">complexité</span>,<br>
-M.Biz vous apporte des solutions utiles<br>
-</p>`,
+    value: `<div class="se-component se-video-container __se__float-none" style="width: 100%;">
+  <figure style="width: 100%; height: 56.25%; padding-bottom: 56.25%;">
+    <video controls="true" autoplay="true" muted="true" src="http://localhost:3000/public/files/d55bddf8d62910879ed9f605522149a8.mp4" data-proportion="true" style="width: 100%; height: 100%;" data-percentage="100%,56.25%" width="100%" height="56.25%" data-size="100%,56.25%" data-align="none" data-index="0" data-file-name="SampleVideo_1280x720_1mb.mp4" data-file-size="1055736" data-origin="100%,56.25%"></video>
+  </figure>
+</div>
+
+<p>aaa</p>`,
     // attributesWhitelist: {
     //     all: 'style|class',
     // },