[feature] allow notes:// and file:// protocols
#81
Comments
|
Are there protocols besides FTP, HTTP, HTTPS, mailto, tel. callto, cid, or xmpp that you'd like to use? If that's a superset of what you like then #155 should address. If not, please let me know what other protocols you have in mind -- I'd love to understand better what you're intending to do. |
flavorjones
added
the
allowlist
|
Note we'll be adding |
|
Could |
|
@fmarkovic Can you help me understand the impact of these changes? What is
I'd like to also suggest that you can customize your application's behavior by adding to Loofah::HTML5::SafeList::ALLOWED_PROTOCOLS.add("xxxxxxxxx") |
|
Rails' SafeListSanitizer strips whole hrefs from valid user data entered as links in CK editor. Cases that our users expect are |
|
Where in the application does it make sense to make this change |
|
@fmarkovic I'm not an expert, but I would do it in a Rails initializer, so it happens once at application startup. It might be worth opening an issue with https://github.com/rails/rails-html-sanitizer to ask about the ability to customize protocols using that gem -- it already allows some other common customizations. |
flavorjones
changed the title
notes:// and file:// protocols
|
@flavorjones Using |
Would it be possible to make a prune of the attributes to support custom protocols? Currently it is removes the href attribute if not a known (whitelist) protocol. something that would allow to support extra custom protocols as a list maybe?
The text was updated successfully, but these errors were encountered: