Clean incoming RTE stuff

Do not allow unwanted attributes on HTML tags. This already cleans stuff when written to DB.
2019-12-13 12:11:01 +01:00 · 2019-12-13 12:11:01 +01:00 · 02d58890d9
commit 02d58890d9
parent 217cb21e70
1 changed files with 5 additions and 2 deletions
--- a/Configuration/RTE/Default.yaml
+++ b/Configuration/RTE/Default.yaml
@ -52,13 +52,16 @@ editor:
        #     enableShortcut: true

 processing:
-    allowAttributes: [class, title, start]
+    allowAttributes: []
    HTMLparser_db:
        tags:
            ol:
                allowedAttribs:
-                    - class
                    - start
+            code:
+                allowedAttribs: []
+            pre:
+                allowedAttribs: []
    allowTagsOutside:
        - pre
        - blockquote