From 7ea4567b9b9c0f37a8109750ad57789fa60ee7f3 Mon Sep 17 00:00:00 2001
From: MarioTesoro
Date: Sun, 14 Dec 2025 16:17:11 +0100
Subject: [PATCH 1/2] bugfix added sanitization html preview to text.

---
 .../angular-editor/src/lib/editor/angular-editor.component.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/projects/angular-editor/src/lib/editor/angular-editor.component.ts b/projects/angular-editor/src/lib/editor/angular-editor.component.ts
index f8d94ad2..bcacc4c4 100644
--- a/projects/angular-editor/src/lib/editor/angular-editor.component.ts
+++ b/projects/angular-editor/src/lib/editor/angular-editor.component.ts
@@ -353,6 +353,10 @@ export class AngularEditorComponent implements OnInit, ControlValueAccessor, Aft
 oCode.focus();
 } else {
 if (this.doc.querySelectorAll) {
+ // if sanitize: true the html element, from preview to text, is sanitized according the sanitizer config.
+ if(this.config.sanitize || this.config.sanitize === undefined){
+ editableElement.innerText = this.sanitizer.sanitize(SecurityContext.HTML, editableElement.innerText)
+ }
 this.r.setProperty(editableElement, 'innerHTML', editableElement.innerText);
 } else {
 oContent = this.doc.createRange();

From b0729c0bcd74011a32ac58007eebc491089dee4e Mon Sep 17 00:00:00 2001
From: MarioTesoro
Date: Wed, 17 Dec 2025 23:25:23 +0100
Subject: [PATCH 2/2] Added sanitization in oContent

---
 .../src/lib/editor/angular-editor.component.ts | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/projects/angular-editor/src/lib/editor/angular-editor.component.ts b/projects/angular-editor/src/lib/editor/angular-editor.component.ts
index bcacc4c4..89e270b4 100644
--- a/projects/angular-editor/src/lib/editor/angular-editor.component.ts
+++ b/projects/angular-editor/src/lib/editor/angular-editor.component.ts
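Review bot: The sanitizer output in the added `querySelectorAll` branch is stored by assigning `editableElement.innerText` and then immediately read back through the `innerText` getter on the following `setProperty` line, so the sanitized HTML round-trips through a text setter/getter that is not an identity for markup: the setter turns newlines into `<br>` and the getter returns layout-dependent, whitespace-collapsed text, which can alter the source HTML that ends up in `innerHTML`. `DomSanitizer.sanitize()` is also typed as returning `string | null`, and a `null` assigned to `innerText` is stringified rather than treated as empty. Keep the sanitized string in a local and hand it straight to `setProperty`, with a `?? ''` fallback, instead of going through the element's text; the enclosing method starts before and ends after this hunk, so I cannot see whether other input paths (paste, `writeValue`) apply the same sanitization.
```typescript
      if (this.doc.querySelectorAll) {
        let html = editableElement.innerText;
        // sanitize: true (or unset) runs the source HTML through Angular's sanitizer before it is rendered
        if (this.config.sanitize || this.config.sanitize === undefined) {
          html = this.sanitizer.sanitize(SecurityContext.HTML, html) ?? '';
        }
        this.r.setProperty(editableElement, 'innerHTML', html);
      } else {
        // … unchanged: Range-based fallback …
```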
@@ -354,14 +354,19 @@ export class AngularEditorComponent implements OnInit, ControlValueAccessor, Aft
 } else {
 if (this.doc.querySelectorAll) {
 // if sanitize: true the html element, from preview to text, is sanitized according the sanitizer config.
- if(this.config.sanitize || this.config.sanitize === undefined){
+ if(this.config.sanitize !== false){
 editableElement.innerText = this.sanitizer.sanitize(SecurityContext.HTML, editableElement.innerText)
 }
 this.r.setProperty(editableElement, 'innerHTML', editableElement.innerText);
 } else {
 oContent = this.doc.createRange();
 oContent.selectNodeContents(editableElement.firstChild);
- this.r.setProperty(editableElement, 'innerHTML', oContent.toString());
+ let oContentString = oContent.toString()
+ // if sanitize: true the oContent is sanitized according the sanitizer config.
+ if(this.config.sanitize !== false){
+ oContentString = this.sanitizer.sanitize(SecurityContext.HTML, oContentString)
+ }
+ this.r.setProperty(editableElement, 'innerHTML', oContentString);
 }
 this.r.setProperty(editableElement, 'contentEditable', true);
 this.modeVisual = true;
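Review bot: In the new Range-based fallback, `oContentString = this.sanitizer.sanitize(SecurityContext.HTML, oContentString)` assigns a value Angular types as `string | null` and the next line writes it to `innerHTML`, so a `null` result would be rendered as the text "null"; make the assignment `oContentString = this.sanitizer.sanitize(SecurityContext.HTML, oContentString) ?? '';`. The `!== false` form is the right default, since an unset `sanitize` option now sanitizes, and the two branches agree on it; it is worth a one-line comment at the first check saying `// sanitize defaults to on: only an explicit false skips the sanitizer`. Note that the first branch still writes the sanitized HTML through `editableElement.innerText` before re-reading it, whereas this branch correctly keeps the sanitized string in a local and passes it to `setProperty`; aligning the first branch with this pattern would avoid the text setter/getter round-trip. On style, the added lines `let oContentString = oContent.toString()` and the sanitize assignment omit the terminating `;` and use `if(` where the surrounding context lines use `;` and `if (`. The enclosing method starts before and ends after this hunk.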