-
-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] allow notes://
and file://
protocols
#81
Comments
Are there protocols besides FTP, HTTP, HTTPS, mailto, tel. callto, cid, or xmpp that you'd like to use? If that's a superset of what you like then #155 should address. If not, please let me know what other protocols you have in mind -- I'd love to understand better what you're intending to do. |
Note we'll be adding |
Could |
@fmarkovic Can you help me understand the impact of these changes? What is
I'd like to also suggest that you can customize your application's behavior by adding to Loofah::HTML5::SafeList::ALLOWED_PROTOCOLS.add("xxxxxxxxx") |
Rails' SafeListSanitizer strips whole hrefs from valid user data entered as links in CK editor. Cases that our users expect are |
Where in the application does it make sense to make this change |
@fmarkovic I'm not an expert, but I would do it in a Rails initializer, so it happens once at application startup. It might be worth opening an issue with https://github.com/rails/rails-html-sanitizer to ask about the ability to customize protocols using that gem -- it already allows some other common customizations. |
notes://
and file://
protocols
@flavorjones Using |
Would it be possible to make a prune of the attributes to support custom protocols? Currently it is removes the href attribute if not a known (whitelist) protocol. something that would allow to support extra custom protocols as a list maybe?
The text was updated successfully, but these errors were encountered: