We successfully block any unwanted tags pasted from the clipboard; what passes the RTE edit plugin and paste-wordhtml is what we want. Fine.
But authors are still able to inject everything they want by using drag&drop from external programs. I.e. they edit a simple HTML file, add some <pre> code, display it in a web browser, mark and drag it to the editor.
We tried whatever we could find in the RTE configuration, but it looks like the paste settings completely forgot about drag&drop.
So the question is: how do you avoid unwanted tags from drag&drop? Or better, how do you whitelist what you want to allow?
D&D from another browser window is not supported. See if something can be implemented at project level on similar lines as .
Back from vacation, sorry for the delay.
No, you got me wrong, we don't need D&D supported. Instead, D&D is supported too much for our needs, as you can drop <pre> or <table> tags into RTE, even if these tags are filtered when pasting from the clipboard. You can even resize a dropped table with the mouse, so D&D seems to be supported very well.
Some sanitizing seems to be done anyway, because <marquee> tags are removed; it looks like there is some sort of blacklist. How is this controlled?