HTML TAG
If you set "editor.contentFilter.allowIFrameallowIframe" value to false, insertion of <iframe> tag by the user is restricted and the tag is automatically removed.
| Code Block |
|---|
| language | js |
|---|
| theme | Emacs |
|---|
| title | synapeditor.config.js |
|---|
|
{
'editor.contentFilter.allowIframe': false
} |
If you set "editor.contentFilter.allowEmbed" value to false, insertion of <embed> tag by the user is restricted and the tag is automatically removed.
| Code Block |
|---|
| language | js |
|---|
| theme | Emacs |
|---|
| title | synapeditor.config.js |
|---|
|
{
'editor.contentFilter.allowIFrameallowEmbed': false
} |
If you set "editor.contentFilter.allowIScriptallowObject" value to false, insertion of <script> <object> tag by the user is restricted and the tag is automatically removed.
| Code Block |
|---|
| language | js |
|---|
| theme | Emacs |
|---|
| title | synapeditor.config.js |
|---|
|
{
'editor.contentFilter.allowScriptallowObject': false
} |
RELEASE 2.3.0 OR ABOVE
| Status |
|---|
| colour | Yellow |
|---|
| title | RELEASE 2.7.0 OR ABOVE |
|---|
|
If you set 'editor.contentFilter.
allowScriptallowLink' value to
false,
insertion of <a> <link> tag by the user is restricted and the tag is automatically removed.| Code Block |
|---|
| language | js |
|---|
| theme | Emacs |
|---|
| title | synapeditor.config.js |
|---|
|
{
'editor.contentFilter.allowLink': false
} |
...
HTML SCRIPT & EVENT ATTRIBUTES
| Warning |
|---|
|
You cannot be held responsible for security issues arising from the use of the option.This option may be vulnerable to XSS (Cross-Site Scripting) attacks, which can lead to the exposure of personal information, session hijacking, or execution of malicious code. Please be cautious of security when using this option. |
If you set "editor.contentFilter.allowIScript" value to false, insertion of <script> tag by the user is restricted and the tag is automatically removed.
| Code Block |
|---|
| language | js |
|---|
| theme | Emacs |
|---|
| title | synapeditor.config.js |
|---|
|
{
'editor.contentFilter.allowScript': false
} |
| Status |
|---|
| colour | Yellow |
|---|
| title | RELEASE 2.7.0 OR ABOVE |
|---|
|
If you set 'editor.contentFilter.allowEventAttribute' value to
true, you can use
event attributes (onclick, onload, onchange, ....) in HTML tags....