Const
Default allowlist for embed content (ported from Wikidot's default.php) Only iframes with src matching these host+path patterns will be rendered.
Note: Set to null to allow any HTTPS iframe (Wikidot's 'anyiframe' behavior). sanitize-html still enforces HTTPS-only and blocks dangerous attributes.
Default allowlist for embed content (ported from Wikidot's default.php) Only iframes with src matching these host+path patterns will be rendered.
Note: Set to null to allow any HTTPS iframe (Wikidot's 'anyiframe' behavior). sanitize-html still enforces HTTPS-only and blocks dangerous attributes.