alaminfirdows · alaminfirdows · Oct 22, 2025
diff --git a/config/laravel_editorjs.php b/config/laravel_editorjs.php
@@ -6,13 +6,13 @@
             'paragraph' => [
                 'text' => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
             ],
             'header'    => [
                 'text'  => [
                     'type'        => 'string',
-                    'allowedTags' => 'a[href],mark[class]',
+                    'allowedTags' => 'a[href],mark[class],span[class]',
                 ],
                 'level' => [1, 2, 3, 4, 5, 6],
             ],
@@ -26,7 +26,7 @@
                     'data' => [
                         '-' => [
                             'type'        => 'string',
-                            'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                            'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                         ],
                     ],
                 ],
@@ -79,7 +79,7 @@
                 ],
                 'caption'        => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
                 'withBorder'     => 'boolean',
                 'withBackground' => 'boolean',
@@ -95,7 +95,7 @@
                             'data' => [
                                 '-' => [
                                     'type'        => 'string',
-                                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                                 ],
                             ],
                         ],
@@ -105,11 +105,11 @@
             'quote'     => [
                 'text'      => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
                 'caption'   => [
                     'type'        => 'string',
-                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                 ],
                 'alignment' => [
                     0 => 'left',
@@ -138,7 +138,7 @@
                             'data' => [
                                 'text' => [
                                     'type' => 'string',
-                                    'allowedTags' => 'i,b,a[href],code[class],mark[class]',
+                                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
                                 ],
                                 'checked' => 'boolean',
                             ],
@@ -166,6 +166,16 @@
                 'height'  => 'integer',
                 'caption' => 'string',
             ],
+            'warning' => [
+                'title' => [
+                    'type' => 'string',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
+                ],
+                'message' => [
+                    'type' => 'string',
+                    'allowedTags' => 'i,b,a[href],code[class],mark[class],span[class]',
+                ],
+            ],
         ],
     ],
 ];
diff --git a/resources/views/blocks/checklist.blade.php b/resources/views/blocks/checklist.blade.php
@@ -2,7 +2,7 @@
     @foreach($data['items'] as $item)
         <li>
             <input type="checkbox" {{ $item['checked'] ? 'checked' : '' }} disabled>
-            <span>{!! $item['text'] !!}</span>
+            <span>{!! editorjs_render_inline_code($item['text'] ?? '') !!}</span>
         </li>
     @endforeach
 </ul>

diff --git a/resources/views/blocks/header.blade.php b/resources/views/blocks/header.blade.php
@@ -3,4 +3,4 @@
 $tag = "h{$level}";
 @endphp
 
-<{{ $tag }}>{{ $data['text'] ?? '' }}</{{ $tag }}>
+<{{ $tag }}>{!! editorjs_render_inline_code($data['text'] ?? '') !!}</{{ $tag }}>
diff --git a/resources/views/blocks/list.blade.php b/resources/views/blocks/list.blade.php
@@ -5,6 +5,6 @@
 
 <{{ $tag }}>
     @foreach($data['items'] as $item)
-    <li>{{ $item }}</li>
+    <li>{!! editorjs_render_inline_code($item) !!}</li>
     @endforeach
 </{{ $tag }}>
diff --git a/resources/views/blocks/paragraph.blade.php b/resources/views/blocks/paragraph.blade.php
@@ -1 +1 @@
-<p>{{ $data['text'] }}</p>
+<p>{!! editorjs_render_inline_code($data['text'] ?? '') !!}</p>
diff --git a/resources/views/blocks/quote.blade.php b/resources/views/blocks/quote.blade.php
@@ -11,8 +11,8 @@
 @endphp
 
 <blockquote class="editor-quote">
-    <p class="{{ $class }}">{{ $data['text'] }}</p>
+    <p class="{{ $class }}">{!! editorjs_render_inline_code($data['text'] ?? '') !!}</p>
     @if (!empty($data['caption']))
-    <small class="{{ $class }}">— {{ $data['caption'] }}</small>
+    <small class="{{ $class }}">— {!! editorjs_render_inline_code($data['caption']) !!}</small>
     @endif
-</blockquote>
+</blockquote>
diff --git a/resources/views/blocks/table.blade.php b/resources/views/blocks/table.blade.php
@@ -4,8 +4,8 @@
         @php $tag = ($loop->first && $data['withHeadings']) ? 'th' : 'td'; @endphp
 
         @foreach($row as $cell)
-        <{{ $tag }}> {{ $cell }} </{{ $tag }}>
+        <{{ $tag }}> {!! editorjs_render_inline_code($cell) !!} </{{ $tag }}>
         @endforeach
     </tr>
     @endforeach
-</table>
+</table>
diff --git a/src/helpers.php b/src/helpers.php
@@ -11,3 +11,32 @@ function editorjs()
         return app(LaravelEditorJs::class);
     }
 }
+
+if (! function_exists('editorjs_render_inline_code')) {
+    /**
+     * Render text allowing only <span class="inline-code"> ... </span> tags; escape everything else.
+     */
+    function editorjs_render_inline_code(?string $text): string
+    {
+        if ($text === null || $text === '') {
+            return '';
+        }
+
+        // Escape everything first
+        $escaped = e($text);
+
+        // Unescape ONLY <span class="inline-code"> and </span>
+        // Convert the exact escaped opening tag back to real HTML
+        $escaped = str_replace('&lt;/span&gt;', '</span>', $escaped);
+
+        // Replace opening span with class="inline-code" only
+        // Use a regex to match exactly class="inline-code" (order and spacing normalized by browser is irrelevant here as we control the output)
+        $escaped = preg_replace(
+            '/&lt;span\s+class=&quot;inline-code&quot;&gt;/i',
+            '<span class="inline-code">',
+            $escaped
+        );
+
+        return $escaped;
+    }
+}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		<p>{{ $data['text'] }}</p>
		<p>{!! editorjs_render_inline_code($data['text'] ?? '') !!}</p>