Skip to content

feat: add dom-purify to tiptap editor update #729

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
bddjong wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

feat: add dom-purify to tiptap editor update #729

bddjong wants to merge 2 commits into from

Conversation

@bddjong
Copy link
Contributor

@bddjong bddjong commented May 16, 2024
edited
Loading

  • Add dom purify
  • Test output is still the same
  • Test output is sanitized if needed (need to check how to test this, what's supposed to be sanitized)
  • Investigate how how to sanitize the JSON save option (we don't use it but the code path exists now.)

@bddjong bddjong requested a review from Robbert May 16, 2024 09:26
@bddjong
Copy link
Contributor Author

bddjong commented May 21, 2024
edited
Loading

Tested that its (at least partially) working by temporarily stripping data-attributes. Potentially XSS href's arent being stripped correctly though. I suspect the output is already escaped at the point where dom-purify is implemented now, which could cause it to just ignore it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Robbert Robbert Awaiting requested review from Robbert

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bddjong