Lowdefy
v3.23.3/display/Html/

Html

A block to render HTML.

The Html block sanitizes HTML using DOMPurify's default configuration. This comes with some security considerations, please consider DOMPurify's Security Goals and Threat Model for more details regarding the security impact of using the Html block. In short, it is strongly advised to never render any user input Html content, only render hardcoded or trusted HTML content.

id: block_id
type: Html
properties:
  html: <a href="https://lowdefy.com">Lowdefy Website</a>
properties:
Content to be rendered as Html.
Css style object to apply to Html div.
Basic DangerousHtml

A simple white title box

id: basic_example
type: Html
properties:
  html: >
    <div style="background: #123456; padding: 10px;"><h1 style="color: white;">A
    simple white title box</h1></div>
DangerousHtml with iframes sanitized
The iframe was removed: - title: DangerousHtml with iframes enabled 
id: sanitized_iframes_example
type: Html
properties:
  html: >
    The iframe was removed: <iframe style="max-width: 512px;" width="100%"
    src="https://www.youtube.com/embed/7N7GWdlQJlU" frameborder="0" 
    allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope;
    picture-in-picture" allowfullscreen></iframe>      - title: DangerousHtml
    with iframes enabled
DangerousHtml basic sanitization
A little bit of bad html sanitized.
id: sanitized_example
type: Html
properties:
  html: >
    <div style="color: red; border: 2px dashed blue; padding:
    10px;"><script>alert("hello world")</script><img src=x onerror=alert("img")
    />A little bit of bad html sanitized.</div>


type: object
properties:
  properties:
    additionalProperties: false
    properties:
      html:
        description: Content to be rendered as Html.
        type: string
      style:
        description: Css style object to apply to Html div.
        type: object
    type: object