Allow any HTML in Label generator (which makes it possible to fully customize the labels)

2025-06-21 09:35:49 +02:00 · 2022-09-25 00:47:53 +02:00 · 2022-09-25 00:47:53 +02:00 · 767bf763b8
commit 767bf763b8
parent d58159f181
1 changed files with 21 additions and 0 deletions
--- a/assets/ckeditor/html_label.js
+++ b/assets/ckeditor/html_label.js
@ -207,6 +207,27 @@ Editor.defaultConfig = {
        ],
        supportAllValues: true
    },
+    // Allow all HTML features for our labels
+    htmlSupport: {
+        allow: [
+            {
+                name: /.*/,
+                attributes: true,
+                classes: true,
+                styles: true
+            }
+        ],
+        disallow: [
+            //Some rudimentary protection against XSS, even if it is not really needed as this is only parsed by DOMHTML which does not support any kind of script execution.
+            {
+                name: /^(head|body|html|script)$/i,
+            },
+            {
+                name: /.*/,
+                attributes: /^on.*/i
+            }
+        ]
+    },
    image: {
        toolbar: [
            'imageTextAlternative',