Current CodeView filtering behavior
The old document is outdated here: codeviewFilter is now enabled by default in this build. Use the
examples below to compare a stricter setup with a relaxed iframe policy.
Strict filtering with extra iframe whitelist
Switch to Code View and try script tags or a Vimeo iframe.
Use Code View to paste HTML and compare what survives sanitizing.
Relaxed iframe filtering
This keeps the regex filter, but disables iframe source checks.
Toggle Code View and paste a custom iframe source to compare the result.
Example configuration - CodeView Filters
summernote.create('#strict-codeview-editor', {
  height: 260,
  toolbar: [
    ['view', ['codeview']],
    ['insert', ['video']],
  ],
  codeviewFilter: true,
  codeviewFilterRegex: /<\/*(?:script|style)[^>]*?>/gi,
  codeviewIframeFilter: true,
  codeviewIframeWhitelistSrc: ['player.vimeo.com'],
});

summernote.create('#relaxed-codeview-editor', {
  height: 260,
  toolbar: [
    ['view', ['codeview']],
  ],
  codeviewFilter: true,
  codeviewFilterRegex: /<\/*(?:script|style)[^>]*?>/gi,
  codeviewIframeFilter: false,
});
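
An added example, not Summernote's own code: a simplified model of what the two configurations above let through when HTML is pasted in Code View. It assumes the tag regex is applied as a plain replace and that the iframe whitelist is an exact hostname match on `src`; `purify`, `iframeSrcAllowed` and the sample strings are constructed for illustration.

```javascript
// Simplified model of the two configurations above; NOT Summernote's implementation.
const FILTER_REGEX = /<\/*(?:script|style)[^>]*?>/gi; // regex as given on the page

const strict = {
  codeviewFilter: true,
  codeviewFilterRegex: FILTER_REGEX,
  codeviewIframeFilter: true,
  codeviewIframeWhitelistSrc: ['player.vimeo.com'],
};
const relaxed = { ...strict, codeviewIframeFilter: false };

// Assumption: an iframe passes only if its src parses as an http(s) URL whose
// hostname exactly equals a whitelist entry (no substring or suffix matching).
function iframeSrcAllowed(openTag, whitelist) {
  const m = /\ssrc\s*=\s*["']([^"']*)["']/i.exec(openTag);
  if (!m) return false;
  let url;
  try {
    url = new URL(m[1], 'https://placeholder.invalid'); // base resolves //host/... forms
  } catch {
    return false;
  }
  return /^https?:$/.test(url.protocol) && whitelist.includes(url.hostname);
}

// Hypothetical helper: returns the HTML that would survive leaving Code View.
function purify(html, opts) {
  if (!opts.codeviewFilter) return html;
  // Removes matching tags only; text between <script> and </script> remains.
  let out = html.replace(opts.codeviewFilterRegex, '');
  if (opts.codeviewIframeFilter) {
    const list = opts.codeviewIframeWhitelistSrc || [];
    out = out.replace(/(<iframe\b[^>]*>)(?:[\s\S]*?<\/iframe>)?/gi,
      (whole, openTag) => (iframeSrcAllowed(openTag, list) ? whole : ''));
  }
  return out;
}

// Constructed sample inputs.
const samples = {
  script: '<p>hi</p><script>track()</script>',
  vimeo: '<iframe src="https://player.vimeo.com/video/1"></iframe>',
  other: '<iframe src="https://example.org/embed"></iframe>',
  lookalike: '<iframe src="https://player.vimeo.com.example.org/v"></iframe>',
};

for (const [name, html] of Object.entries(samples)) {
  console.log(name, { strict: purify(html, strict), relaxed: purify(html, relaxed) });
}
```

The `script` sample keeps its inner text after the tags are stripped, so the regex is a convenience filter for the editor rather than a sanitizer for stored content. Treat whatever the editor submits as untrusted and sanitize it again on the server.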