From 9705360d9880000098c5830cfbdc05ca372dc6ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Fri, 7 Sep 2018 13:37:07 +0200
Subject: [PATCH] Enable only a few headings in CKEditor

Allowing every format is way more than what we initially intended. I've only added h2 and h3 because h1 is set somewhere else in the page (like the title), and h4, h5 and h6 are usually not necessary.
---
 app/assets/javascripts/ckeditor/config.js | 1 +
 lib/wysiwyg_sanitizer.rb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/assets/javascripts/ckeditor/config.js b/app/assets/javascripts/ckeditor/config.js
index c6dbd10da..305d0faf9 100644
--- a/app/assets/javascripts/ckeditor/config.js
+++ b/app/assets/javascripts/ckeditor/config.js
@@ -14,6 +14,7 @@ CKEDITOR.editorConfig = function( config )
 config.filebrowserUploadUrl = "/ckeditor/attachment_files";
 config.allowedContent = true;
+ config.format_tags = "p;h2;h3";
 // Rails CSRF token
 config.filebrowserParams = function(){
diff --git a/lib/wysiwyg_sanitizer.rb b/lib/wysiwyg_sanitizer.rb
index 64c26c34f..26792b21c 100644
--- a/lib/wysiwyg_sanitizer.rb
+++ b/lib/wysiwyg_sanitizer.rb
@@ -1,6 +1,6 @@
 class WYSIWYGSanitizer
- ALLOWED_TAGS = %w(p ul ol li strong em u s img a h1 h2 h3 h4 h6 pre addres div)
+ ALLOWED_TAGS = %w(p ul ol li strong em u s img a h2 h3)
 ALLOWED_ATTRIBUTES = %w(href style src alt)
 def sanitize(html)
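Review bot: The added `config.format_tags = "p;h2;h3";` only trims the editor's Format dropdown; with `config.allowedContent = true` just above it, CKEditor's own content filter is switched off, so pasted or hand-written markup using other tags is still submitted to the server. The restriction that actually holds is `ALLOWED_TAGS` in `lib/wysiwyg_sanitizer.rb`, and the two lists now have to be kept in step by hand. I would record that next to the setting, e.g. `// UI only: allowedContent is true, so lib/wysiwyg_sanitizer.rb enforces the tag list; keep both in sync`. The enclosing `CKEDITOR.editorConfig` function starts and ends outside the hunk.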
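Review bot: The rewritten `ALLOWED_TAGS` is still a mutable array, so any code that reaches the constant can append to the sanitizer's allow-list at runtime; freezing it costs nothing: `ALLOWED_TAGS = %w(p ul ol li strong em u s img a h2 h3).freeze` (the same applies to `ALLOWED_ATTRIBUTES` on the next line). Narrowing the list also means content saved earlier with `h1`, `h4`, `h6`, `pre` or `div` will presumably lose those tags the next time it passes through `sanitize`, whose body is outside the hunk, so that is worth confirming against existing records. `style` stays in `ALLOWED_ATTRIBUTES`; if the sanitizer does not filter CSS properties, that attribute is a wider surface than the tags removed here.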