Clean incoming RTE stuff

Do not allow unwanted attributes on HTML tags.
This already cleans stuff when written to DB.
This commit is contained in:
Daniel Siepmann 2019-12-13 12:11:01 +01:00
parent 217cb21e70
commit 02d58890d9

View file

@ -52,13 +52,16 @@ editor:
# enableShortcut: true # enableShortcut: true
processing: processing:
allowAttributes: [class, title, start] allowAttributes: []
HTMLparser_db: HTMLparser_db:
tags: tags:
ol: ol:
allowedAttribs: allowedAttribs:
- class
- start - start
code:
allowedAttribs: []
pre:
allowedAttribs: []
allowTagsOutside: allowTagsOutside:
- pre - pre
- blockquote - blockquote