Product Updates

DatoCMS changelog for new features and general improvements
Tags: Content Management API, UI Improvement, Security

Multiple-paragraph text field now supports HTML sanitization

April 13th, 2023

We recently introduced the possibility of validating and sanitizing HTML content in multiple-paragraph text fields.

A screenshot that shows the feature in the Validations tab of a field editing modal.

The feature is made of 2 parts:

  • By enabling the validation flag "Prevent the use of dangerous HTML attributes", editors will be prevented from saving a record if potentially dangerous HTML is present in the field;

  • When the "Remove potentially dangerous attributes" flag is enabled, sanitization is applied before validation, so the field content may be changed during the validation phase.

Most of our customers who want to use the feature will probably want to enable both flags. Validation without sanitization is meant for customers who want to apply specific sanitization strategies by developing a custom plugin.

To fix and check the HTML, we used the beautiful sanitize library made by Ryan Grove. Specifically, we went for the relaxed configuration, which allows safe markup, including images and tables, as well as safe CSS. Links are limited to FTP, HTTP, HTTPS, and mailto protocols, while images are limited to HTTP and HTTPS. rel="nofollow" is not added to links.

The feature also affects our Content Management API.
