-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
建议给出HTML禁止或允许使用的标签设置,是否允许JS等设置 #70
Comments
过滤指定HTML标签解析示例: {
htmlDecode : "style,script,iframe" // 指定你想禁止解析的HTML标签
// htmlDecode : true // 开启 / 解析所有HTML标签
// htmlDecode : false // 禁用HTML标签解析
} https://pandao.github.io/editor.md/examples/html-tags-decode.html |
我明白你的意思了 <p style="color:red;text-align:center;border:3px solid #000;height:30px;line-height:24px;" onclick="javascript:alert('hi');">nihao ya </p>
<i class="fa fa-circle"></i>
<style>body{background:red;}</style> |
@wakaryry 嗯,谢谢你的建议,尤其是关于禁止事件。 |
非常不错的东西 |
@wakaryry @v1.4.2 已支持过滤HTML标签的属性和事件。 |
@pandao Nice |
这里禁止html标签指的是预览部分html标签么?还是提交表单的时候markdown内容里的html标签也会被过滤么? |
@9v-kz 是指解析和预览的HTML的标签及属性。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
很不错的工作。
个人建议增加禁止或者允许某些HTML标签的设置。让使用者自己去配置。
还有不应该禁止掉JS吗?
The text was updated successfully, but these errors were encountered: