You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This main feature of this release is fix to prevent XSS with the default commands along with dropping IE and legacy Edge support.
The editor also now includes the [dompurify](https://github.com/cure53/DOMPurify) library to help prevent any future XSS attacks. This isn't fully backwards compatible as `dompurify` may cause some HTML to be stripped. If you have any code that includes iframes, the allowed URLs will need to be added to the new `allowedIframeUrls` option.
The other breaking change is that the no longer supports IE and legacy Edge. The editor can still run in source mode in those browsers if the `runWithoutWysiwygSupport` option is enabled.
ResolvesSimpleMachines#6535
live627
added a commit
to live627/SMF2.1
that referenced
this issue
Mar 1, 2021
This main feature of this release is fix to prevent XSS with the default commands along with dropping IE and legacy Edge support.
The editor also now includes the [dompurify](https://github.com/cure53/DOMPurify) library to help prevent any future XSS attacks. This isn't fully backwards compatible as `dompurify` may cause some HTML to be stripped. If you have any code that includes iframes, the allowed URLs will need to be added to the new `allowedIframeUrls` option.
The other breaking change is that the no longer supports IE and legacy Edge. The editor can still run in source mode in those browsers if the `runWithoutWysiwygSupport` option is enabled.
ResolvesSimpleMachines#6535
Description
https://github.com/samclarke/SCEditor/releases/tag/v3.0.0
SCEditor has released a major update that has fixed some security issues, bugs and updated dependencies.
This needs tested and verified to ensure it is compatible with SMF 2.1
I'm tagging @live627 as he has helped fix some of the SCEditor bugs and has some good knowledge of the interworking.
This should be merged in RC4 because we need to see testing to ensure its stable before release.
The text was updated successfully, but these errors were encountered: