[CKEditor] Cross Scripting

[CKEditor] Cross Scripting

  
Forge Component
(13)
Published on 2017-02-19 by Carlos Henriques
13 votes
Published on 2017-02-19 by Carlos Henriques

Is there a way to prevent Cross Scripting in the rich editor (e.g. links to JS commands), without loosing the markup for other html tags (e.g. bold, bullet list) ? Or is this a case of 'all or nothing' markups ?

Cheers,
Hugo

CKEditor can have allowed and disallowed content so you can keep basic formatting whilst stripping javascript etc. In fact from memory javascript was striped by default.

Some details on the CKEditor page itself.

https://docs.ckeditor.com/ckeditor4/latest/guide/dev_disallowed_content.html