angular icon indicating copy to clipboard operation
angular copied to clipboard

Published 20 hours ago verified publisher icon formio

[Question] how i can allow unsafe HTML in the html component

Open HenriqueVilela opened this issue 4 years ago • 2 comments

I need to let the html component execute scripts. but i notice that the formio removes my script tags and other unsafe tags like iframe dont work.

HenriqueVilela avatar Mar 31 '20 16:03 HenriqueVilela

Obviously this is on purpose, but it can be overridden with options that get passed to the sanitize methods. Here is the code that shows them.

https://github.com/formio/formio.js/blob/master/src/utils/utils.js#L1046

These options are passed to the DOMPurify library found @ https://github.com/cure53/DOMPurify#can-i-configure-dompurify. They can be passed to the Form.io renderer within Angular like this.

<formio [rendererOptions]="{
  sanitizeConfig: {
    addTags: ['iframe']
  }
}"></formio>

travist avatar Apr 01 '20 15:04 travist

after check on source code here and here I could make renderer to display custom component tags Just in ngOnInit of parent component

registerCustomTag('custom-tag', this.injector);

OleksandrPoshtaruk1533 avatar Oct 10 '23 08:10 OleksandrPoshtaruk1533