Marco Colli

@neSpecc As a temporary workaround, is there any way to attach the `onChange` event to Editor.js later? (instead of adding it to `new EditorJS`) Something like `editorjs.addEventListener('change')`... In this way...

This issue affects all browsers, including Chrome, Safari and Firefox. It's not something specific to a single browser.

I have bad news, I have created a new image block that doesn't cause the persistent issue... but still, sometimes (not often as before), even on saved pages that don't...

Ok, I think that I found a solution: - upgrading to Editor.js `2.29.0-rc.7` seems to solve the onChange issue with paragraph block - using my own image block instead of...

@dawidpstrak Can you please share your workaround (code) here?

I made some testing now and unfortunately Editor.js seems vulnerable: 1. Just try to add a link and type `javascript:alert('test')` as the URL 2. The `href` is added to the...

Another test: 1. Add some code to the text in the saved JSON, like `"This is a paragraph alert('xss') "` 2. If you load the Editor.js with that JSON, the...

> Editor.js sanitizes all content in several cases: on render, on paste, and on save. > https://editorjs.io/inline-tool-sanitizing/ This sentence is strange, because it's not the behavior that I am seeing.

> you convert that to whatever object representation your server-side language supports, sanitize each block, and then convert back to JSON I've done that properly for our application, but it's...

Also when you call `new EditorJS` on a div that has already some blocks in the HTML, it does not clear existing data. The correct behavior should be clearing existing...