Stop Medium Editor from preventing sanitization

jjeffryes · jjeffryes · commit 3e04982a4edc · 2016-04-19T09:31:34.000-04:00
This restores sanitization to HTML fields, and prevents invalid tags
from being used.
diff --git a/js/utils/validateMediumEditor.js b/js/utils/validateMediumEditor.js
@@ -15,6 +15,9 @@ function checkVal($field) {
   // replace double quotes with single quotes to avoid invalid json
   //fVal = fVal.replace(/\\([\s\S])|(")/g, "'");
 
+  //decode text the medium editor encodes, or  the medium editor will remove it the second time
+  fVal = decodeHtml(fVal);
+
   fVal = sanitizeHTML(fVal, {
     allowedTags: [ 'h2','h3', 'h4', 'h5', 'h6', 'p', 'a','u','ul', 'ol', 'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'hr', 'br', 'img', 'blockquote' ],
     //allowedTags: [ 'h2','h3', 'h4', 'h5', 'h6', 'p','u','ul', 'ol', 'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'hr', 'br', 'blockquote' ],
@@ -26,8 +29,7 @@ function checkVal($field) {
       return frame.tag === 'p' && !frame.text.trim();
     }
   });
-  //decode text the medium editor encodes, or  the medium editor will remove it the second time
-  fVal = decodeHtml(fVal);
+
   
   $field.val(fVal);
 
