Clean incoming RTE stuff

Do not allow unwanted attributes on HTML tags.
This already cleans stuff when written to DB.
This commit is contained in:
Daniel Siepmann 2019-12-13 12:11:01 +01:00
parent 217cb21e70
commit 02d58890d9

View file

@ -52,13 +52,16 @@ editor:
# enableShortcut: true
processing:
allowAttributes: [class, title, start]
allowAttributes: []
HTMLparser_db:
tags:
ol:
allowedAttribs:
- class
- start
code:
allowedAttribs: []
pre:
allowedAttribs: []
allowTagsOutside:
- pre
- blockquote