不能渲染富文本字符串中的视频<video>标签和<script>标签 #303
Comments
|
应该是被xss过滤了 可以参考文档配置一下 xss的标签和属性白名单 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Describe the issue
不能正常渲染HTML富文本字符串中的
<video>视频标签,会将里面的<source>视频资源识别为普通文本。不能正常渲染HTML富文本字符串中的
<script>脚本标签,会将里面的脚本识别为普通文本。Procedure version
1.7.12
Reproduction link
<p>下面是视频:</p><video controlslist="nodownload" controls="" id="_vsb_player" style="background-color:#474747;float: none" align="" width="800" height="600"><source src="https://wxc.cdut.edu.cn/__local/8/C3/8D/7885FC54EE6EDA1B9834978D706_BE2E12E3_1F8CBB.mp4?e=.mp4" type="video/mp4"/></video><p>下面是脚本:</p><script name="_videourl" vurl="https://wxc.cdut.edu.cn/__local/2/2B/DC/6383229226A0DECE48EB774E166_A1E82CF7_120BE7.mp4?e=.mp4" vwidth="800" vheight="600" rand="null" align="" vsbhrefname="vurl" style="float: none">showVsbVideo("https://wxc.cdut.edu.cn/__local/2/2B/DC/6383229226A0DECE48EB774E166_A1E82CF7_120BE7.mp4?e=.mp4","height=\"600\"","width=\"800\"","","float: none","false");</script>The text was updated successfully, but these errors were encountered: