search

microsoft / roosterjs

roosterjs is a framework-independent javascript rich text editor.
Other
1.17k stars 157 forks source link

Copy/cut will fail if trustedTypes default policy filters comment out #2289

Closed Yexiaoxing closed 8 months ago

Yexiaoxing commented 10 months ago

Describe the bug

When we have trusted thpes default policy on, and the createHTML filters comment out, the copy action will fail.

To Reproduce

Enable trusted types default policy as follows:

  window.trustedTypes.createPolicy("default", {
      createScriptURL:  str => str,
      createScript: str => str,
      createHTML: str => DOMPurify.sanitize(str),
  });

And try to copy in editor, it will fail.

Expected behavior

Screenshots n/a

Device Information

Additional context Add any other context about the problem here.

JiuqingSong commented 10 months ago

The old editor does rely on comment when cut/copy. So you need to enable comment in DOMPurify config as well.

https://github.com/microsoft/roosterjs/blob/2df5113c2c4e394f1b70f3cef8b600131c847e21/demo/scripts/utils/trustedHTMLHandler.ts#L5

The new Content Model editor (https://microsoft.github.io/roosterjs/index.html?cm=1) does not rely on comment.

Yexiaoxing commented 10 months ago

@JiuqingSong I understand that comment is needed in old mode, can we state it somewhere in the document, or warn user when it happens?

JiuqingSong commented 9 months ago

Please feel free to submit a PR about this. You can add comment to the trustHTMLHandler code or type declaration.

Thanks.

JiuqingSong commented 8 months ago

Close old bug without new replies, and given that we are deprecating old editor and replace with new editor based on Content Model which doesn't have this issue anymore, we won't fix this one.