Comments (5)
And to the point @shurcooL made about HTML5, just for future reference it's true that we use an HTML5 library, but we're really only using it as a tokenizer.
As you clearly spotted we have our own internal logic as to which elements to permit without attributes. I sourced that list from HTML5 references, explicitly avoiding adding anything that W3C marked as deprecated or obsolete, hence the omission of `big`.
Thanks for enabling others to permit other tags. Sample code for those who stumble upon this issue:
```go
p := bluemonday.NewPolicy()
p.AllowElements("font")
// At this point "<font>hello</font>" would p.Sanitize() to "hello".
p.AllowNoAttrs().OnElements("font")
// At this point "<font>hello</font>" would p.Sanitize() to "<font>hello</font>".
```
from bluemonday.
You need to escape HTML symbols in your Markdown post. It is unreadable right now.
> It is not said that bluemonday is only html5-sanitizer

This is worth clarifying first. bluemonday uses golang.org/x/net/html package which is an HTML5-compliant parser.
from bluemonday.
> You need to escape HTML symbols in your Markdown post. It is unreadable right now.

Fixed.

> This is worth clarifying first. bluemonday uses golang.org/x/net/html package which is an HTML5 parser.

The Golang parser can parse most html4 documents, so why not allow users to customize policies with old tags? The Internet is full of non-html5 documents; it would be good if bluemonday were able to work with them.
from bluemonday.
Hello, what about this issue?
from bluemonday.
Auto-closed by GitHub. But I wanted to say thanks for the code. I would've merged sooner but I was cycling up some mountains and had left my laptop at home. GitHub lacks an out-of-office status unfortunately.
from bluemonday.