There is a lot of dependencies so it will be difficult to make a stackblitz but this is the relevant parts of code of one use case. Hope this will be enough to be understandable.
Arnaud.
This is the code in the editor component, wich I would like to improve.
@Input()
set dlContext(dlContext: DLContextSpec) {
// Translates the LoadingContext into html with img tags and data attributes to keep.
let processedData = this.translateDLContextToHtml(dlContext); // <- HTML entered by user, need to be sanitized.
// Saves the specific data attributes, sanitizes the html and restores the saved attributes into the sanitized html.
let dataAttribute: JSONDataAttribute = new JSONDataAttribute(CorpusBlot.CONTEXT_ATTRIBUTE);
let savedDataAttribute = extractDataAttributes(processedData, dataAttribute);
let sanitizedData = this._domSanitizer.sanitize(SecurityContext.HTML, processedData);
// Restores the data attributes.
let index: number = 0;
sanitizedData = sanitizedData.replace(new RegExp(`<${CorpusBlot.tagName} [^>]*class="${CorpusBlot.className}" [^>]*>`, "ig"), (matched) => {
return index < savedDataAttribute.length ? matched.replace('>', ' ' + savedDataAttribute[index++] + '>') : "";
})
this.initialData = this._domSanitizer.bypassSecurityTrustHtml(sanitizedData);
}
}
The editor, QuillJs is then initialized from a div in the template where the resulting SafeHtml of the method above is injected :