Html
A block to render HTML.
The Html block sanitizes HTML using DOMPurify's default configuration. This comes with some security considerations; see DOMPurify's Security Goals and Threat Model for more details on the security impact of using the Html block. In short, it is strongly advised to never render user input as HTML content; only render hardcoded or trusted HTML content.
Block
Block Setup
id: block_id
type: Html
properties:
  html: <a href="https://lowdefy.com">Lowdefy Website</a>
Settings
Examples
Basic DangerousHtml
A simple white title box
id: basic_example
type: Html
properties:
  html: >
    <div style="background: #123456; padding: 10px;"><h1 style="color: white;">A
    simple white title box</h1></div>
DangerousHtml with iframes sanitized
The iframe was removed:
id: sanitized_iframes_example
type: Html
properties:
  html: >
    The iframe was removed: <iframe style="max-width: 512px;" width="100%"
    src="https://www.youtube.com/embed/7N7GWdlQJlU" frameborder="0"
    allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope;
    picture-in-picture" allowfullscreen></iframe>
DangerousHtml basic sanitization
id: sanitized_example
type: Html
properties:
  html: >
    <div style="color: red; border: 2px dashed blue; padding:
    10px;"><script>alert("hello world")</script><img src=x onerror=alert("img")
    />A little bit of bad html sanitized.</div>
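A check that supports the advice at the top of this page, as an added example that is not part of the Lowdefy docs or code base: it walks a parsed page config and flags Html blocks whose html value is built by operators rather than hardcoded, so each one can be reviewed for untrusted input. The sample page, the function names, and the assumed config shape (operators as object keys starting with an underscore, child blocks under blocks or areas) are assumptions.

```javascript
// Added example: audit a parsed Lowdefy page for Html blocks whose `html`
// is computed by operators at runtime instead of being a hardcoded string.
// Assumptions: operators are object keys starting with "_"; child blocks sit
// under `blocks` or `areas.<name>.blocks`.

// Collect every operator key found anywhere inside a property value.
function operatorKeys(value, keys = []) {
  if (Array.isArray(value)) {
    value.forEach((item) => operatorKeys(item, keys));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      if (key.startsWith('_')) keys.push(key);
      operatorKeys(child, keys);
    }
  }
  return keys;
}

// Walk the block tree and report Html blocks with operator-built `html`.
function findDynamicHtmlBlocks(block, found = []) {
  if (block === null || typeof block !== 'object') return found;
  if (block.type === 'Html' && block.properties) {
    const operators = operatorKeys(block.properties.html);
    if (operators.length > 0) found.push({ id: block.id, operators });
  }
  for (const child of block.blocks || []) findDynamicHtmlBlocks(child, found);
  for (const area of Object.values(block.areas || {})) {
    for (const child of area.blocks || []) findDynamicHtmlBlocks(child, found);
  }
  return found;
}

// Constructed sample page, not taken from the Lowdefy docs.
const samplePage = {
  id: 'feedback', type: 'PageHeaderMenu',
  blocks: [
    { id: 'comment', type: 'TextInput' },
    { id: 'banner', type: 'Html',
      properties: { html: '<a href="https://lowdefy.com">Lowdefy Website</a>' } },
    { id: 'wrapper', type: 'Box', areas: { content: { blocks: [
      { id: 'echo', type: 'Html', properties: {
        html: { '_string.concat': ['<p>', { _state: 'comment' }, '</p>'] } } },
    ] } } },
  ],
};

console.log(JSON.stringify(findDynamicHtmlBlocks(samplePage)));
```

A flagged block is not necessarily unsafe: the finding only means the HTML is assembled at runtime, so its inputs need to be traced back to a hardcoded or trusted source.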
Html JSON Schema Definition
type: object
properties:
  properties:
    additionalProperties: false
    properties:
      html:
        description: Content to be rendered as Html.
        type: string
      style:
        description: Css style object to apply to Html div.
        type: object
    type: object