json-schema-form / angular-schema-form

Generate forms from a JSON schema, with AngularJS!
https://json-schema-form.github.io/angular-schema-form
MIT License

Schema, description: Not all HTML href attributes showing #930

Closed Schaussi closed 6 years ago

Schaussi commented 6 years ago

Enhancement

As a developer, when I use HTML links in the schema definition's description properties, I should be able to use attributes like "onClick" or "id".

Expected behaviour

Using e.g. this line in schema config:

  "description": "<a href='test' id=\"testID\" ng-click='testClick' onclick='testClick2()' title='testTitle'>Testlinktext</a>"

I expected this output:

  <a href='test' id=\"testID\" ng-click='testClick' onclick='testClick2()' title='testTitle'>Testlinktext</a>

Actual behaviour

Actual output:

  <a title="testTitle" href="test">Testlinktext</a>

It seems like some additional attributes are deleted somewhere, but others like "title" or "href" seem to be allowed. Especially the "id" attribute would be important for me. Please give me some hints on how to solve this. Thank you!

@json-schema-form/angular-schema-form-lead

Anthropic commented 6 years ago

@Schaussi the only element that will pass scripts into the page is the type template.

  {
      "type":"template",
      "template":"<a href='#' onclick='alert(\"sup bro?\"); return false;' >Test</a>"
  }

The other fields are all being passed by AngularJS $sanitize, which you can pass config to and allow elements to be whitelisted. I haven't tested it, but I would expect it to work.
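
The allowlist behaviour discussed in this thread, as an added example that is not part of the original comments and is not AngularJS or angular-schema-form code: a small JavaScript model (the names `extendAllowlist` and `filterOpenTag` are hypothetical) run on the link from the issue, showing that allowing `id` keeps it while `onclick` and `ng-click` are still dropped. It assumes the default list is just `href` and `title`, the two attributes that survived in the reported output.

```javascript
// Added illustration: a small model of attribute allowlisting, not AngularJS's $sanitize code.
// It handles one opening tag with quoted attribute values, which covers the link in this issue.

// Constructed subset (assumption): the two attributes that survived in the reported output.
const DEFAULT_ATTRS = new Set(['href', 'title']);

function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/</g, '&lt;')
              .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Return a copy of the allowlist with extra names added. Event-handler (on*) and
// AngularJS directive (ng-*) attributes are refused: they carry code, not data.
function extendAllowlist(base, extra) {
  const out = new Set(base);
  for (const raw of extra) {
    const name = raw.toLowerCase();
    if (/^(on|ng-|data-ng-|x-ng-)/.test(name)) {
      throw new Error('refusing executable attribute: ' + name);
    }
    out.add(name);
  }
  return out;
}

// Keep only allowlisted attributes of a single opening tag; report what was dropped.
function filterOpenTag(openTag, allowed) {
  const tag = /^<([a-zA-Z][a-zA-Z0-9]*)([^>]*)>$/.exec(openTag);
  if (!tag) throw new Error('expected one opening tag');
  const attrRe = /([^\s"'<>\/=]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
  const kept = [];
  const dropped = [];
  let m;
  while ((m = attrRe.exec(tag[2])) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] !== undefined ? m[2] : m[3];
    if (allowed.has(name)) kept.push(` ${name}="${escapeAttr(value)}"`);
    else dropped.push(name);
  }
  return { html: `<${tag[1].toLowerCase()}${kept.join('')}>`, dropped };
}

// The link from the issue (opening tag only).
const ISSUE_TAG = `<a href='test' id="testID" ng-click='testClick' onclick='testClick2()' title='testTitle'>`;

const before = filterOpenTag(ISSUE_TAG, DEFAULT_ATTRS);
const after = filterOpenTag(ISSUE_TAG, extendAllowlist(DEFAULT_ATTRS, ['id']));
console.log(before.html, before.dropped);
console.log(after.html, after.dropped);
```

With ngSanitize itself the corresponding change is made on `$sanitizeProvider` in a config block (for example `addValidAttrs(['id'])`, where the installed version provides it). An `id` taken from schema text can collide with ids the page's own scripts look up, so allow it only for schemas you control.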

Schaussi commented 6 years ago

Thank you for your hints.

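In my special case, I ended up with this approach:

  <a href="#test">test</a>

  // Wait 8 seconds, then attach the click handler to the link.
  window.setTimeout(meow, 8000);

  function meow() {
    var link = $('a[href="#test"]');
    // testfunction: click handler defined elsewhere (not shown in the post)
    link.click(testfunction);
  }

I know it's not the best way to achieve this, but for my needs it works fine.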

Anthropic commented 6 years ago

Glad you found a workable solution for your case :)

Please comment if you want to re-open but I will close now for housekeeping purposes.