
Commit 1f40f86

committed
fix: korrigiere die Logik zur Überprüfung von editierbaren Zielen für Paste-Events in PasteContainer und Board
1 parent 44e2b1d commit 1f40f86


3 files changed

+22
-2
lines changed


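--- a/docs/TO-FIX/SECURITY-GARDS.md
+++ b/docs/TO-FIX/SECURITY-GARDS.md
@@ -17,7 +17,7 @@ Notwendige Fixes und ToDos für den Kanban Editor
 - ✅ Tests: `card.authorization.spec.ts` (12 Tests, alle gruen)
 
 
-### Authorization Guards for Inbound Nostr Events (Kind 8571 & 30302)
+### Authorization Guards for Inbound Nostr Events (Kind 8571 & 30302)
 
 **Problem**
 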

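--- a/src/lib/components/paste/PasteContainer.svelte
+++ b/src/lib/components/paste/PasteContainer.svelte
@@ -24,11 +24,24 @@
 children?: import('svelte').Snippet
 } = $props();
 
+/**
+* Prüft ob das Paste-Target ein editierbares Feld ist (Input, Textarea, TipTap)
+*/
+function isEditableTarget(target: EventTarget | null): boolean {
+if (!(target instanceof HTMLElement)) return false;
+const tag = target.tagName.toLowerCase();
+if (tag === 'input' || tag === 'textarea') return true;
+if (target.isContentEditable) return true;
+if (target.closest('[contenteditable="true"], .ProseMirror, .tiptap')) return true;
+return false;
+}
+
 /**
 * Handler für Paste-Event auf Card
 */
 async function handleCardPaste(event: ClipboardEvent) {
 if (!cardId) return;
+if (isEditableTarget(event.target)) return;
 
 // Verhindere Default (Browser würde Text einfügen)
 event.preventDefault();
@@ -53,6 +66,7 @@
 */
 async function handleColumnPaste(event: ClipboardEvent) {
 if (!columnId) return;
+if (isEditableTarget(event.target)) return;
 
 // Verhindere Default
 event.preventDefault();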
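Review bot: The `isEditableTarget` helper added at new lines 27-37 is a second copy of the function in `src/routes/cardsboard/Board.svelte`, which this same commit has to patch to keep the two in step. Because every handler calls `event.preventDefault()` and takes over the clipboard as soon as the guard returns false, a copy that drifts means text meant for an input or editor ends up in the card or column paste path instead. I would move the helper into one shared module and import it in both components, with a doc comment along the lines of `/** True when the paste target is an input, textarea or inside a contenteditable/TipTap editor; paste handlers must leave such events to the browser. */`. The bodies of `handleCardPaste` and `handleColumnPaste` continue outside the hunks, so what they do with the clipboard data is not visible here.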

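--- a/src/routes/cardsboard/Board.svelte
+++ b/src/routes/cardsboard/Board.svelte
@@ -59,7 +59,13 @@
 function isEditableTarget(target: EventTarget | null): boolean {
 if (!(target instanceof HTMLElement)) return false;
 const tag = target.tagName.toLowerCase();
-return tag === 'input' || tag === 'textarea' || target.isContentEditable;
+if (tag === 'input' || tag === 'textarea') return true;
+// Prüfe ob das Element selbst oder ein Eltern-Element contentEditable ist
+// (TipTap/ProseMirror setzt contentEditable auf einem Container-Div,
+// aber das Event-Target kann ein Kind-Element wie <p>, <span> etc. sein)
+if (target.isContentEditable) return true;
+if (target.closest('[contenteditable="true"], .ProseMirror, .tiptap')) return true;
+return false;
 }
 
 async function handleGlobalPaste(event: ClipboardEvent) {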
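Review bot: The selector `[contenteditable="true"]` on new line 67 matches only the literal value `true`, so a host declared as `contenteditable=""` or `contenteditable="plaintext-only"` is not found by `closest()`. `isContentEditable` already inherits from ancestors, so the `closest()` call mainly matters for targets inside a `contenteditable="false"` island, and that is exactly where the narrow selector would miss a host lacking the two class names. I would widen it to `target.closest('[contenteditable]:not([contenteditable="false"]), .ProseMirror, .tiptap')` and reword the comment to say the ancestor lookup is for non-editable nodes nested in an editor. `handleGlobalPaste` begins on the hunk's last line and its body is outside the hunk.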
