taoguan / jwysiwyg

Automatically exported from code.google.com/p/jwysiwyg

Whitelist of HTML Tags #130

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I'd like to be able to set a white-list of HTML tags and attributes so that 
if someone tries to enter a tag not in the white list (such as a <script> 
tag), it would HTML encode it.

Original issue reported on code.google.com by haac...@gmail.com on 5 Sep 2009 at 6:41

GoogleCodeExporter commented 8 years ago
This will do nothing for security. You will have to sanitize the input 
server-side.

Original comment by spede...@gmail.com on 6 Sep 2009 at 8:03

GoogleCodeExporter commented 8 years ago
I know. It's not a security feature, it's a WYSIWYG accuracy feature.
Since I do sanitize on the server I want the editor experience to
mimic what they will see when the HTML is actually saved.

I HTML encode tags which are not allowed.

Thanks!

Original comment by haac...@gmail.com on 7 Sep 2009 at 4:47
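
The behaviour requested in this thread, as an added example that is not part of the original issue or the jwysiwyg code base: tags outside an allowlist are HTML-encoded so the editor preview matches what a server-side sanitizer will store. The `ALLOWED` policy, the function names, dropping non-listed attributes and the `href` scheme check are all assumptions; as the thread says, the server-side sanitizer remains the actual control.

```javascript
// Added example: preview-side tag allowlist for a WYSIWYG editor.
// ALLOWED is a constructed policy (tag -> permitted attributes), not jwysiwyg config.
const ALLOWED = new Map([['b', []], ['i', []], ['p', []], ['br', []], ['a', ['href', 'title']]]);

// A complete tag: optional "/", name, then attributes whose quoted values may contain ">".
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const ATTR = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
// Assumption: links may only use these schemes or be site-relative.
const SAFE_URL = /^(?:https?:|mailto:|\/|#)/i;

// "&" is left alone so entities already present in the editor HTML are not double-encoded.
const encodeText = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
const encodeAttr = (s) => encodeText(s).replace(/"/g, '&quot;');

// Re-emit an allowed tag from its parsed parts, keeping only permitted attributes.
function rebuildTag(closing, name, rawAttrs) {
  if (closing) return `</${name}>`;
  let out = `<${name}`;
  for (const m of rawAttrs.matchAll(ATTR)) {
    const attr = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4];
    if (!ALLOWED.get(name).includes(attr)) continue;
    if (attr === 'href' && !SAFE_URL.test(value.trim())) continue;
    out += ` ${attr}="${encodeAttr(value)}"`;
  }
  return out + '>';
}

// Allowed tags pass through; every other "<" or ">" is encoded and shows as literal text.
function applyAllowlist(html) {
  let out = '';
  let last = 0;
  for (const m of html.matchAll(TAG)) {
    out += encodeText(html.slice(last, m.index));
    const name = m[2].toLowerCase();
    out += ALLOWED.has(name) ? rebuildTag(m[1], name, m[3]) : encodeText(m[0]);
    last = m.index + m[0].length;
  }
  return out + encodeText(html.slice(last));
}

// Constructed sample input.
console.log(applyAllowlist('<b>ok</b> <script>alert(1)</script>'));
```

Anything the tag pattern does not recognise as a complete tag (an unterminated `<script`, a comment, a stray `<`) falls through as text and is encoded, so the preview fails closed.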

GoogleCodeExporter commented 8 years ago
This is a heavy-weight task.

The jQuery Wysiwyg project responds to light-weight tasks.

Original comment by akzhan.a...@gmail.com on 8 Dec 2009 at 5:39

GoogleCodeExporter commented 8 years ago

Original comment by akzhan.a...@gmail.com on 8 Dec 2009 at 5:39