From 02d58890d9cd3c9ccbaff190401366177e7adafc Mon Sep 17 00:00:00 2001
From: Daniel Siepmann <coding@daniel-siepmann.de>
Date: Fri, 13 Dec 2019 12:11:01 +0100
Subject: [PATCH] Clean incoming RTE stuff

Do not allow unwanted attributes on HTML tags.
This already cleans stuff when written to DB.
---
 Configuration/RTE/Default.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Configuration/RTE/Default.yaml b/Configuration/RTE/Default.yaml
index 82b8810..06be146 100644
--- a/Configuration/RTE/Default.yaml
+++ b/Configuration/RTE/Default.yaml
@@ -52,13 +52,16 @@ editor:
         #     enableShortcut: true
 
 processing:
-    allowAttributes: [class, title, start]
+    allowAttributes: []
     HTMLparser_db:
         tags:
             ol:
                 allowedAttribs:
-                    - class
                     - start
+            code:
+                allowedAttribs: []
+            pre:
+                allowedAttribs: []
     allowTagsOutside:
         - pre
         - blockquote