Content Filter

HTML TAG

Allow <iframe> Tag Insertion

Setting the editor.contentFilter.allowIframe option to true allows insertion of <iframe> tags. (default: false)

// synapeditor.config.js
{
    'editor.contentFilter.allowIframe': false
}

Allow <embed> Tag Insertion

Setting the editor.contentFilter.allowEmbed option to true allows insertion of <embed> tags. (default: false)

// synapeditor.config.js
{
    'editor.contentFilter.allowEmbed': false
}

Allow <object> Tag Insertion

Setting the editor.contentFilter.allowObject option to true allows insertion of <object> tags. (default: false)

// synapeditor.config.js
{
    'editor.contentFilter.allowObject': false
}

Allow <link> Tag Insertion

Release 2.7.0 and above. Setting the editor.contentFilter.allowLink option to true allows insertion of <link> tags. (default: false)

// synapeditor.config.js
{
    'editor.contentFilter.allowLink': false
}

HTML SCRIPT & EVENT ATTRIBUTES

Caution!

Security issues that may arise from using these options are not within the scope of our responsibility.

These options may be vulnerable to XSS (Cross-Site Scripting) attacks. This may lead to risks such as personal information leakage, session hijacking, and execution of malicious code. Please pay attention to security when using.

Allow <script> Tag Insertion

Setting the editor.contentFilter.allowScript option to true allows insertion of <script> tags. (default: false)

// synapeditor.config.js
{
    'editor.contentFilter.allowScript': false
}

Allow Event Attribute Insertion

Release 2.7.0 and above. Setting the editor.contentFilter.allowEventAttribute option to true allows event attributes (onclick, onload, onchange, ...) on HTML tags. (default: false)

// synapeditor.config.js
{
    'editor.contentFilter.allowEventAttribute': false
}