Comments (9)
andris-sevcenko
commented on June 1, 2024
1
HTML purifier already does that by default for you when saving: http://htmlpurifier.org/live/configdoc/plain.html#HTML.TargetNoopener
Unless you have disabled HTML purifier or explicitly turned that setting off.
from redactor.
XhmikosR
commented on June 1, 2024
Weird, this doesn't seem to be the case for me. I definitely haven't explicitly touched HTML puriffier's config so something else must be going on.
from redactor.
brandonkelly
commented on June 1, 2024
@XhmikosR In your Redactor field settings, is “Purify HTML?” still enabled?
from redactor.
XhmikosR
commented on June 1, 2024
Hmm, it must be a field where that might be off. Going through all my fields right now.
from redactor.
XhmikosR
commented on June 1, 2024
OK, I think that was the reason. Some fields had the option disabled. Sorry for the noise!
from redactor.
brandonkelly
commented on June 1, 2024
No worries, glad to hear it’s working as expected :)
from redactor.
XhmikosR
commented on June 1, 2024
Unfortunately enabling this breaks any IDs and classes we have. :/
@brandonkelly Is it possible to provide a more flexible HTML Purifier config? For example I have also enabled the custom properties Redactor plugin but it's moot since on Save IDs and Classes are being removed :/
I tried setting up my custom config but seems a bit too much for me to handle this only on my own...
{
"Attr.AllowedFrameTargets": ["_blank"],
"Attr.EnableID": true,
"HTML.AllowedAttributes": "img.src,a.href,a.target,a.rel,*.id,*.class",
"HTML.AllowedComments": ["pagebreak"]
}What are the default allowed attributes for example? None? If I don't specify img.src I can't even add an image then.
I can make a new issue, I just started playing with this due to rel noopener initially.
from redactor.
brandonkelly
commented on June 1, 2024
@XhmikosR Right now we’re mostly just focused on allowing HTML that can be added via the UI. So if something is getting dropped that you added via the UI, you can post a new issue about that. Otherwise, you can create your own HTML Purifier config.
from redactor.
XhmikosR
commented on June 1, 2024
@brandonkelly: this is done via the UI with https://imperavi.com/redactor/plugins/properties/
Yet, the default config strips IDs and classes.
I did try to use my own config, see above, but then I'd need to whitelist every possible attribute myself. So, I think it would be for the greater good if this was tackled upstream here.
from redactor.
Related Issues (20)
- Figures aren't stripped when pasting content, even with pasteImages false and removing the figure tag from pasteBlockTags
- Formatting option is not being applied HOT 1
- [4.x]: Images added in Redactor field initially have wrong URL before save HOT 4
- Test issue
- test issue
- Fullscreen in element slide-outs is broken HOT 1
- Using a custom 'formattingAdd' para style injects unwanted <p> and <br> tags HOT 1
- Problem with showing product links on a multi-site setup.
- Inline mode breaks the field
- Query string getting stripped from linked entry URLs
- Redactor fields not available for entries view/filter HOT 2
- Dutch translation for "Link to an asset" missing HOT 2
- Limiter copy/paste behaves very strange.
- Selecting an Image Transform causes Select button to spin indefinitely
- Line break inside A tag
- [4.4]: Table/view configuration does not offer Redactor items HOT 1
- Image position setting is broken
- Craft 3.8.11 update - no longer have video or hr available in redactor field
- redactor should contain at most 65535 charcters HOT 1
- Absolute fallback url in links
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from redactor.