ezyang / htmlpurifier

Standards compliant HTML filter written in PHP
http://htmlpurifier.org
GNU Lesser General Public License v2.1
3.07k stars 327 forks

Add contenteditable attribute definition #332

Closed bytestream closed 2 years ago

bytestream commented 2 years ago

See https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/contenteditable

ezyang commented 2 years ago

This is OK. If we put this in the library proper, it needs to be gated the same way textarea is gated.

bytestream commented 2 years ago

I only actually want to allow false so maybe contenteditable="false" can be permitted, and contenteditable="" or contenteditable="true" only permitted when HTML.Trusted is enabled?

ezyang commented 2 years ago

Sure. Though, if you only want false, I wonder why not just disallow the attribute entirely haha.

bytestream commented 2 years ago

The attribute has significance in WYSIWYG editors. When htmlpurifier removes it, the editors behave differently :p

bytestream commented 2 years ago

How about that? :eyes:
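
The gating discussed in this thread, sketched as a user-side definition customization. This is an added example, not the code from this pull request; the element list, the definition ID, the helper name `buildPurifier` and the sample markup are assumptions, and the empty-string value mentioned above is left out.

```php
<?php
// Added example (not from the pull request): permit contenteditable="false"
// for untrusted input and widen the allowed values only when HTML.Trusted is on.
require_once 'HTMLPurifier.auto.php';

/**
 * Hypothetical helper: build a purifier whose contenteditable policy
 * depends on whether the input source is trusted.
 */
function buildPurifier(bool $trusted): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Trusted', $trusted);

    // A custom definition needs its own ID; use a different ID per policy so
    // the two definitions are never confused with each other.
    $config->set('HTML.DefinitionID', $trusted ? 'ce-trusted' : 'ce-false-only');
    $config->set('HTML.DefinitionRev', 1);
    $config->set('Cache.DefinitionImpl', null); // no definition cache in this demo

    // Enum# lists the only values that validate. An attribute whose value
    // fails validation is dropped from the output, the element is kept.
    $allowed = $trusted ? 'Enum#true,false' : 'Enum#false';

    if ($def = $config->maybeGetRawHTMLDefinition()) {
        // Assumption: these are the elements the editor marks up.
        foreach (['div', 'span', 'p'] as $element) {
            $def->addAttribute($element, 'contenteditable', $allowed);
        }
    }

    return new HTMLPurifier($config);
}

// Constructed sample input: one editable region and one locked widget.
$dirty = '<div contenteditable="true">body</div>'
       . '<span contenteditable="false">locked widget</span>';

echo "untrusted: ", buildPurifier(false)->purify($dirty), PHP_EOL;
echo "trusted:   ", buildPurifier(true)->purify($dirty), PHP_EOL;
```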