From 2cf0721ba388f4019dfe915bd36c7b1e3fc869e7 Mon Sep 17 00:00:00 2001 From: Basil Kotov Date: Mon, 23 Oct 2023 10:05:27 +0200 Subject: [PATCH] replace scripts (#218) Co-authored-by: AlexTzykin <52533659+AlexTzykin@users.noreply.github.com> --- .../Scripts/common/directives/uikit-htmleditor.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js b/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js index faa5f41d..ed20a344 100644 --- a/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js +++ b/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js @@ -11,7 +11,8 @@ angular.module('virtoCommerce.coreModule.common').directive('vcUkHtmleditor', [f var htmlEditor = UIkit.htmleditor(element, { mode: 'split', maxsplitsize: 1000, markdown: true, enablescripts: false, iframe: true }); var codeMirror = htmlEditor.editor; //Besides inline scripts need to also eliminate inline event handlers on preview - htmlEditor.on('render', function () { + htmlEditor.on('render', function (event, uiEditor) { + uiEditor.currentvalue = uiEditor.currentvalue.replace(/<(script|style)\b[^<]*(?:(?!<\/(script|style))<[^<]*)*<\/(script|style)[>\s]/img, ''); htmlEditor.replaceInPreview(/(?:<[^>]+\s)((on\S+)=["']?((?:.(?!["']?\s+(?:\S+)=|[>"']))+.)["']?)/ig, eventReplacer); }); htmlEditor.addButtons({