joostvanhoof
commented
2 years ago This could be solved by going to views/vendor/nova-editor-js/paragraph and changing {{ $text }} to {!! $text !!} but that feels hacky?
Closed joostvanhoof closed 2 years ago
joostvanhoof
commented
2 years ago This could be solved by going to views/vendor/nova-editor-js/paragraph and changing {{ $text }} to {!! $text !!} but that feels hacky?
roelofr
commented
2 years ago EditorJs puts links as inline HTML, so I'm afraid that's the only possible way.
It still leaves an opportunity for XSS injects. You could use an HTML purifier on those entries, but adding them to this package is likely to cause the complexity to explode.
roelofr
commented
2 years ago Scratch that, it's actually filtered by the EditorJS package used by this package.
I'll update, the templates, but using raw-html statements there is perfectly safe. See also src/config/nova-editor-js.php section validationSettings → tools → paragraph
I'm using the
NovaEditorJsCaston my modal. Everything is rendering as expected, except for anchor tags (<a href="..."></a>), those are displayed as plain text. Anything I'm missing? I'm using the regular{{ $post->body }}in my blade view.