If you set "editor.contentFilter.allowIframe" value to false, insertion of <iframe> tag by the user is restricted and the tag is automatically removed.
{
'editor.contentFilter.allowIframe': false
} |
If you set "editor.contentFilter.allowEmbed" value to false, insertion of <embed> tag by the user is restricted and the tag is automatically removed.
{
'editor.contentFilter.allowEmbed': false
} |
If you set "editor.contentFilter.allowObject" value to false, insertion of <object> tag by the user is restricted and the tag is automatically removed.
{
'editor.contentFilter.allowObject': false
} |
RELEASE 2.3.0 OR ABOVE
If you set 'editor.contentFilter.allowLink' value to false, insertion of <link> tag by the user is restricted and the tag is automatically removed.
{
'editor.contentFilter.allowLink': false
} |
You cannot be held responsible for security issues arising from the use of the option.This option may be vulnerable to XSS (Cross-Site Scripting) attacks, which can lead to the exposure of personal information, session hijacking, or execution of malicious code. Please be cautious of security when using this option. |
If you set "editor.contentFilter.allowIScript" value to false, insertion of <script> tag by the user is restricted and the tag is automatically removed.
{
'editor.contentFilter.allowScript': false
} |
If you set 'editor.contentFilter.allowEventAttribute' value to true, you can use event attributes (onclick, onload, onchange, ....) in HTML tags.
{
'editor.contentFilter.allowEventAttribute': false
} |