Why DatoCMS
Happy team
For developers
For digital marketers
For content creators
Ready integrations with
NextNuxtReactVueRemixNetlifyVercel
Features
Worldwide CDN
Performant, secure, and close to every customer
GraphQL Content API
Develop faster with powerful developer tools
Images API
Endless transformations at your disposal
Video API
Produce videos and serve them fast to any device
Multi-language
Reach global audience with localized content
Dynamic layouts
Easily build dynamic layouts for landing pages
Content integrity
Validations, sandbox environments and roles
Workflows
Supercharge your content approval process
Real-time updates
Live changes to content on production website
Structured text
Freedom for editors, control for developers
Customers
Quotes
Read our Testimonials
Enterprise
DatoCMS for Enterprise
Success stories
Polestar
Localise everything to build a global carmaker website
Shopify Orberlo
Painless switch to static from Wordpress
Hashicorp
How HashiCorp delivers a reliable editorial workflow
Chilly's Bottles
How Rotate built a 2M users a month e-commerce
Matter Supply
How to deliver an Emmy award-campaign in 4 weeks
Dovetail
Why DatoCMS is their headless CMS of choice
Browse all the case studies »
Learn
Documentation
Guides, tutorials and API reference
Blog
Culture, learnings, and announcements
Product updates
Changelog for new features and improvements
Academy
Deep dive into the concepts around headless
Community forum
Ask questions and discuss with your peers
Slack channel
Chat live with other devs in our Slack channel
Support
Got questions? Get in touch with our team
Marketplace
Starter projects
Start with a fully configured DatoCMS project
Plugins
Easily expand the capabilities of DatoCMS
Hosting & Builds
No matter the stack you're using, we've got you covered
Enterprise apps
Keep your company data secure
Partners
PricingContact salesLog inGet started

Product Updates

DatoCMS changelog for new features and general improvements
Content Management APIUI ImprovementSecurity
Multiple-paragraph text field now supports HTML sanitization
April 13th, 2023

We recently introduced the possibility of validating and sanitising HTML content in multiple-paragraph text fields.

A screenshot that shows the feature in the Validations tab of a field editing modal.

The feature is made of 2 parts:

  • By enabling the validation flag "Prevent the use of dangerous HTML attributes", the editors will be prevented from saving a record if potentially dangerous HTML is present in the field;

  • When the "Remove potentially dangerous attributes" flag is enabled, sanitization will be applied before the validation: field content is potentially subject to changes during the validation phase.

Most of our customers that want to use the feature will probably want to enable both flags. Validation without sanitization is meant for customers who want to apply specific sanitization strategies by developing a custom plugin.

To fix and check the HTML, we used the beautiful sanitize library made by Ryan Grove. Specifically, we went for the relaxed configuration, that allows safe markup, including images and tables, as well as safe CSS. Links are limited to FTP, HTTP, HTTPS, and mailto protocols, while images are limited to HTTP and HTTPS. rel="nofollow" is not added to links.

The feature also affects our Content Management API.

Start using DatoCMS today
According to Gartner 89% of companies plan to compete primarily on the basis of customer experience this year. Don't get caught unprepared.
Try it for free!
  • No credit card
  • Easy setup
Status
Team
Pricing
DatoCMS for Enterprise
Features
Resources
Social
Technologies
Compare DatoCMS
Company
Sitemaps
Subscribe to our newsletter! 📥
One update per month. All the latest news and sneak peeks directly in your inbox.
Privacy policyCookie policyGDPR ComplianceTerms of Service
support@datocms.com ©2024 Dato srl, all rights reserved P.IVA 06969620480