tl-its-umich-edu / canvas-app-explorer

A Web application that presents a list of Canvas external (LTI) tools with details. When integrated within Canvas, the user can search for specific LTI tool(s), and add or remove those tools from Canvas courses.
Apache License 2.0

Restrict formatting allowed and accepted from editor #217

Closed jonespm closed 2 years ago

jonespm commented 2 years ago

Because the admin editor (TinyMCE) currently allows anything, including copying and pasting styles, and the frontend presents this with dangerouslySetInnerHTML, there was some desire to better restrict the tags and content that can be both used by the editor and displayed.

This could either be done in the backend when the content is delivered to the API or possibly in React. We have to determine what things we want to whitelist, like links, and possibly simple formatting like bold/italic/colors, and block everything else.
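
The allowlist approach described in the comment above, sketched with Python's standard library for the backend option. This is an added example, not code from canvas-app-explorer; it assumes a Python backend, and the tag list, the `sanitize` name and the sample markup are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist mirroring the issue: links plus bold/italic/colour.
ALLOWED_TAGS = {"a", "b", "strong", "i", "em", "p", "br", "ul", "ol", "li", "span"}
DROP_WITH_CONTENT = {"script", "style"}  # drop the element and its text
SAFE_HREF = re.compile(r"^(https?://|mailto:)", re.I)
COLOR_ONLY = re.compile(r"^color\s*:\s*(#[0-9a-f]{3,8}|[a-z]{3,20})\s*;?$", re.I)

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def _attrs(self, tag, attrs):
        kept = []  # every attribute not matched below is discarded
        for name, value in attrs:
            value = (value or "").strip()
            if tag == "a" and name == "href" and SAFE_HREF.match(value):
                kept += [("href", value), ("rel", "noopener noreferrer")]
            elif tag == "span" and name == "style" and COLOR_ONLY.match(value):
                kept.append(("style", value))
        return "".join(f' {k}="{escape(v, quote=True)}"' for k, v in kept)

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"<{tag}{self._attrs(tag, attrs)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize(html_text):
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

# Constructed sample of pasted editor output, not taken from the project.
SAMPLE = ('<p style="font-size:40px" onclick="x()">Hi <b>there</b></p>'
          '<script>alert(1)</script><a href="javascript:alert(1)">bad</a>'
          '<a href="https://example.edu/tool">ok</a><img src=x onerror=alert(1)>')
```

Running `sanitize(SAMPLE)` keeps the paragraph, bold text and the `https` link while dropping the pasted style, the event handler, the script element, the `javascript:` href and the image. A maintained sanitizer library would normally fill this role in a deployed application; the sketch shows the decisions the allowlist has to encode.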

ssciolla commented 2 years ago

This is conceptually a duplicate of #203. I'm going to add this comment to the issue, but close this one to consolidate.