Hi, in version 3.x.x, the 'renderItem' method allowed me to directly return a string with HTML styled like this:
It's not safe; however, I want to keep styling the pop-up that shows a list of users to mention (show an avatar and name). This should be possible according to the documentation: "This function will need to return either a string possibly containing unsanitized user content, or a class implementing the Node interface which will be treated as a sanitized DOM node", but I cannot get it to work and I don't see any example of it working in Angular 14. Is it not possible? Any ideas? Thanks
Replies: 2 comments
I'm not familiar with Angular enough to be helpful unfortunately, but instead of returning the string, you can maybe write some JS like this:
This way, someone can't create an elem.imageLink or elem.value that could escape the string and start trying to execute code, but I'm not sure how to better plug those Node elements into Angular :(

Oh I also forgot to mention, you can also look at the source code for quill-mention.com for an example of returning nodes instead of returning strings: Line 155 in f2801f2
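
An added example, not code from this thread or from the quill-mention source, of the node-returning approach described in the replies: the row is built with `createElement` and user data is only assigned to `textContent` and `src`, never concatenated into markup. `imageLink` and `value` are the fields named in the thread; the class names, the `doc` parameter and the http(s)-only avatar rule are assumptions.

```javascript
// Added example: render a mention list row as DOM nodes, not an HTML string.
// `imageLink` and `value` are the item fields named in the thread; the class
// names and the injectable `doc` parameter are assumptions for illustration.

// Accept only absolute http(s) avatar URLs; anything else yields null.
// Assumption: avatars are never relative paths or data:/blob: URLs.
function safeAvatarUrl(raw) {
  try {
    const url = new URL(String(raw));
    return url.protocol === "https:" || url.protocol === "http:" ? url.href : null;
  } catch {
    return null; // not parseable as an absolute URL
  }
}

// Candidate for the mention module's `renderItem` option. Returns a Node, so
// the markup structure is fixed here and user data cannot add tags or attributes.
function renderMentionItem(item, searchTerm, doc = globalThis.document) {
  const row = doc.createElement("div");
  row.className = "mention-row";

  const avatar = safeAvatarUrl(item.imageLink);
  if (avatar !== null) {
    const img = doc.createElement("img");
    img.className = "mention-avatar";
    img.alt = "";
    img.src = avatar; // property assignment, not string interpolation
    row.appendChild(img);
  }

  const name = doc.createElement("span");
  name.className = "mention-name";
  // textContent stores the value as text, so "<" and ">" are never parsed as HTML.
  name.textContent = String(item.value ?? "");
  row.appendChild(name);

  return row;
}
```

Styling then comes from CSS rules on the assumed class names rather than inline markup; how the function is handed to the editor inside an Angular wrapper is not shown here.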