Closed afbora closed 3 years ago
To be honest I wonder why the alt
field of the image block in particular is unescaped while all other fields of all other blocks are. Where does this escaping on the content level happen and why doesn't it apply to alt
?
The alt attribute is managed by a regular text input. The other fields are Writers and they handle HTML sanitization already via ProseMirror.
Ah, that makes sense! 👍
I'm currently checking each snippet again.
I tried all block fields. I only saw issue in image and markdown. I reverted it as it can use HTML tag inside the markdown.