
Sanitize styles in markup pasted as markdown #635

Merged
samuelpecher merged 2 commits into main from pasted-plain-markup
Jan 21, 2026
@samuelpecher
Collaborator

  • Ensure PASTE_TAG is applied to nodes created via insertHtml so sanitization occurs.
  • Tightened tests to include <span> and plain-text markup.

Fixes #602, thanks @lylo

cc @packagethief

There's a slight imbalance of abstractions. It would be nicer to not call editor.update() from the clipboard handler, or alternatively call it every time consistently. Not calling it would require passing clipboardData to Contents, leaking the abstraction. Calling editor.update() everywhere will result in a better-avoided nested update when calling insertHtml. The compromise is passing a tag to insertHtml to apply to the update.

- Add PASTE_TAG for all clipboard operations
- Encode pasted plain_text with to_json
- Test for pasted markup in text/plain
@samuelpecher samuelpecher merged commit 2f05400 into main Jan 21, 2026
5 checks passed
@samuelpecher samuelpecher deleted the pasted-plain-markup branch January 21, 2026 09:54
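
The trade-off in the description above, as an added example that is not code from this pull request or from the project: a toy editor in which sanitization runs only for updates carrying the paste tag. `ToyEditor`, `stripStyles`, `paste`, the strategy names and the value of `PASTE_TAG` are all assumptions made for illustration.

```javascript
// Toy model, constructed for illustration; not Lexical's or the project's real API.
const PASTE_TAG = "paste"; // assumed tag value

// Stand-in for a real DOM-based sanitizer: drops inline style attributes.
function stripStyles(html) {
  return html.replace(/\sstyle\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, "");
}

class ToyEditor {
  constructor() {
    this.nodes = [];
    this.depth = 0;
    this.maxDepth = 0; // deepest update nesting seen
  }

  // Run a mutation; nodes created under PASTE_TAG are sanitized afterwards.
  update(fn, { tag } = {}) {
    this.maxDepth = Math.max(this.maxDepth, ++this.depth);
    const firstNew = this.nodes.length;
    fn();
    if (tag === PASTE_TAG) {
      for (let i = firstNew; i < this.nodes.length; i++) {
        this.nodes[i] = stripStyles(this.nodes[i]);
      }
    }
    this.depth--;
  }

  // Content helper that owns its update; the caller may pass a tag through.
  insertHtml(html, { tag } = {}) {
    this.update(() => this.nodes.push(html), { tag });
  }
}

// Three ways a clipboard handler could insert pasted markup.
function paste(strategy, html) {
  const editor = new ToyEditor();
  if (strategy === "untagged") editor.insertHtml(html);
  if (strategy === "nested") editor.update(() => editor.insertHtml(html), { tag: PASTE_TAG });
  if (strategy === "tag-passed") editor.insertHtml(html, { tag: PASTE_TAG });
  return { html: editor.nodes[0], maxDepth: editor.maxDepth };
}

const SAMPLE = '<span style="background-color: yellow">hi</span>'; // constructed input
for (const s of ["untagged", "nested", "tag-passed"]) console.log(s, paste(s, SAMPLE));
```

The untagged path keeps the inline style, the nested path sanitizes at the cost of an update inside an update, and passing the tag through sanitizes with a single update.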
Development

Successfully merging this pull request may close these issues.

Pasting text copies background colour
