Wysiwyg-editor: Script tag is executing when switching between code view and the normal view

Created on 16 Mar 2017 · 9 Comments · Source: froala/wysiwyg-editor

Expected behavior.

Switching between the code view and the normal view should not cause script tags to execute, otherwise this editor can't be used to write JavaScript.

The problem lies in the editor.html.set() function, which internally uses the jQuery .html() function, and that leads to script execution.

The problem can be solved by replacing the html() call with assignment via the innerHTML property, and I don't see any drawbacks to that solution right now.

Actual behavior.

Switching between modes executes JavaScript code inside

All 9 comments

This is the intended behavior. All the HTML code that is put inside the code view should be rendered in the editing view.

Please read more about it here: https://wysiwyg-editor.froala.help/hc/en-us/articles/115000428829-Why-is-the-script-tag-being-removed-.

@stefanneculai, well, why not render it via innerHTML? What is the reason to execute the scripts from the code view? innerHTML does exactly the same thing except it doesn't execute any underlying scripts.

What is the reason for allowing modification of the htmlRemoveTags option when you can't really use it for containing the script tags?

I don't mind that
