From f6d3e008029bcb5d0003a0672b14d603439b6810 Mon Sep 17 00:00:00 2001 From: basilkot Date: Thu, 19 Oct 2023 21:54:36 +0100 Subject: [PATCH] replace scripts --- .../Scripts/common/directives/uikit-htmleditor.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js b/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js index faa5f41d..ed20a344 100644 --- a/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js +++ b/src/VirtoCommerce.CoreModule.Web/Scripts/common/directives/uikit-htmleditor.js @@ -11,7 +11,8 @@ angular.module('virtoCommerce.coreModule.common').directive('vcUkHtmleditor', [f var htmlEditor = UIkit.htmleditor(element, { mode: 'split', maxsplitsize: 1000, markdown: true, enablescripts: false, iframe: true }); var codeMirror = htmlEditor.editor; //Besides inline scripts need to also eliminate inline event handlers on preview - htmlEditor.on('render', function () { + htmlEditor.on('render', function (event, uiEditor) { + uiEditor.currentvalue = uiEditor.currentvalue.replace(/<(script|style)\b[^<]*(?:(?!<\/(script|style))<[^<]*)*<\/(script|style)[>\s]/img, ''); htmlEditor.replaceInPreview(/(?:<[^>]+\s)((on\S+)=["']?((?:.(?!["']?\s+(?:\S+)=|[>"']))+.)["']?)/ig, eventReplacer); }); htmlEditor.addButtons({