Closed bytestream closed 2 years ago
This is OK. If we put this in the library proper, it needs to be gated the same way textarea is gated.
I only actually want to allow false
so maybe contenteditable="false
can be permitted, and contenteditable=""
or contenteditable="true"
only permitted when HTML.Trusted
is enabled?
Sure. Though, if you only want false, I wonder why not just disallow the attribute entirely haha.
The attribute has significance in wysiwyg editors. When htmlpurifier removes it, the editors behaviour differently :p
How about that? :eyes:
See https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/contenteditable