Synap Editor Documentation
Page tree
Skip to end of metadata
Go to start of metadata

HTML TAG


If you set "editor.contentFilter.allowIframe" value to false, insertion of <iframe> tag by the user is restricted and the tag is automatically removed.

synapeditor.config.js
{
	'editor.contentFilter.allowIframe': false
}


If you set "editor.contentFilter.allowEmbed" value to false, insertion of <embed> tag by the user is restricted and the tag is automatically removed.

synapeditor.config.js
{
	'editor.contentFilter.allowEmbed': false
}


If you set "editor.contentFilter.allowObject" value to false, insertion of <object> tag by the user is restricted and the tag is automatically removed.

synapeditor.config.js
{
	'editor.contentFilter.allowObject': false
}

RELEASE 2.3.0 OR ABOVE

RELEASE 2.7.0 OR ABOVE If you set 'editor.contentFilter.allowLink' value to falseinsertion of <link> tag by the user is restricted and the tag is automatically removed.

synapeditor.config.js
{
	'editor.contentFilter.allowLink': false
}

 

 

 


HTML SCRIPT & EVENT ATTRIBUTES

Caution

You cannot be held responsible for security issues arising from the use of the option.

This option may be vulnerable to XSS (Cross-Site Scripting) attacks, which can lead to the exposure of personal information, session hijacking, or execution of malicious code. Please be cautious of security when using this option.

If you set "editor.contentFilter.allowIScript" value to false, insertion of <script> tag by the user is restricted and the tag is automatically removed.

synapeditor.config.js
{
	'editor.contentFilter.allowScript': false
}


RELEASE 2.7.0 OR ABOVE If you set 'editor.contentFilter.allowEventAttribute' value to true, you can use event attributes (onclick, onload, onchange, ....) in HTML tags.

synapeditor.config.js
{
	'editor.contentFilter.allowEventAttribute': false
}
  • No labels