-
Notifications
You must be signed in to change notification settings - Fork 355
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allowedStyles does not work #622
Comments
Hi @david-siqi-liu, it('should allow RGB styles', function () {
assert.equal(
sanitizeHtml('<p style="color: rgb(241, 196, 15);">Color</p>', {
allowedTags: ['p'],
allowedAttributes: {
p: ['style']
},
allowedStyles: {
'*': {
// Match HEX and RGB
color: [/^#(0x)?[0-9a-f]+$/i, /^rgb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)$/],
'text-align': [/^left$/, /^right$/, /^center$/],
// Match any number with px, em, or %
'font-size': [/^\d+(?:px|em|%)$/]
},
p: {
'font-size': [/^\d+rem$/]
}
}
}),
'<p style="color:rgb(241, 196, 15)">Color</p>'
);
}); |
I am having the same issue with the same ruleset using version: "sanitize-html": "2.10.0". Input: <p style="text-align: center;">text align center</p> Output: <p>text align center</p> Solution is to replace the wildcard/asterisk of allowedStyles with the specified element or an empty string like so: allowedStyles: {
'': {
// Match HEX and RGB
color: [
/^#(0x)?[0-9a-f]+$/i,
/^rgb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)$/,
],
'text-align:': [/^left$/, /^right$/, /^center$/],
// Match any number with px, em, or %
'font-size': [/^\d+(?:px|em|%)$/],
'width': [/^\d+(?:px|em|%)$/],
},` Also make sure the style properties for each elements are included in your allowedAttributes. |
It's also happen to me . |
@david-siqi-liu do you have a fix? |
PLEASE NOTE: make sure the bug exists in the latest patch level of the project. For instance, if you are running a 2.x version of Apostrophe, you should use the latest in that major version to confirm the bug.
To Reproduce
Step by step instructions to reproduce the behavior:
Expected behavior
Describe the bug
Details
Version of Node.js:
16
Server Operating System:
MacOS
Additional context:
"sanitize-html": "^2.10.0",
Screenshots
The text was updated successfully, but these errors were encountered: