Skip to content

Form Sanitize Config

Jump to bottom
Edwin Anciani edited this page Sep 16, 2019 · 5 revisions

In order to configure the render to modify sanitize configuration, you can use sanitizeConfig in the form settings.

Properties, see Dompurify Doc:

Option Description Default
addTag (Array). If you wish to add new tags to the form renderer default
addAttr (Array). If you wish to add new attributes to the form renderer. ['ref', 'target']
allowedTags (Array). Allow the tag created renders in the form. default
allowedAttrs (Array). Allow the attrs created renders in the form. default

Default Sanitize Config, Default TAGs ATTRIBUTEs whitelist & blacklist:

// Dompurify configuration
  const sanitizeOptions = {
    ADD_ATTR: ['ref', 'target'],
    USE_PROFILES: { html: true }
  };

<html>
  <head>
    <link rel='stylesheet' href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css'>
    <link rel='stylesheet' href='https://unpkg.com/formiojs@latest/dist/formio.full.min.css'>
    <script src='https://unpkg.com/formiojs@latest/dist/formio.full.min.js'></script>
    <script type='text/javascript'>
      window.onload = function() {
        Formio.createForm(document.getElementById('formio'), {
          components: [
            {
              type: 'textfield',
              key: 'firstName',
              label: 'First Name',
              placeholder: 'Enter your first name.',
              input: true
            },
            {
              type: 'textfield',
              key: 'lastName',
              label: 'Last Name',
              placeholder: 'Enter your last name',
              input: true
            },
            {
              "html": "<figure class=\"media\"><oembed url=\"https://www.youtube.com/watch?v=zEvzW_sSXk0\"></oembed></figure>",
              "label": "Content",
              "refreshOnChange": false,
              "key": "content",
              "type": "content",
              "dataGridLabel": false,
              "input": false
          },
            {
              type: 'button',
              action: 'submit',
              label: 'Submit',
              theme: 'primary'
            }
          ]
        }, {
          {sanitizeConfig: {
          allowedAttrs: ['ref', 'src', 'url', 'data-oembed-url'],
          allowedTags: ['iframe', 'oembed'],
          addTags: ['iframe', 'oembed'],
          addAttr: ['url', 'data-oembed-url']
        }}
       });
      };
    </script>
  </head>
  <body>
    <div id='formio'></div>
  </body>
</html>

Display Users submitted data into a table inside the admin dashboard?

Home

JavaScript API

Form Renderer

Form Utilities

Modules

Form JSON Specification

Clone this wiki locally