Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize <style> content #657

Open
mloureiro opened this issue Mar 1, 2024 · 1 comment
Open

Sanitize <style> content #657

mloureiro opened this issue Mar 1, 2024 · 1 comment
Labels
enhancement seeking contributions

Comments

@mloureiro
Copy link

The problem to solve

I'm trying to make sanitize-html to remove only harmful content, include the vast majority of the tags and attributes, but filter out possible harmful content.
<style> is an issue, as we're able to allow the tag, but no way to actually sanitize it, allowedStyles doesn't affect that tag, and the content of the tags is not availalbe in transformTags.

The use case: we have an email previewer in the UI, where in the API we generates the email with MJML, the content is somewhat unexpected, plus every now and then someone define the styles within the <style> tag 🙃

Proposed solution

Include (and allow to mutate) the tag content in transformTags.
(it might be tricky to allow the mutation due to the inner tags 👀)

Alternatives

Manually parse the style tag from the content string 🤷
@king-bcolor
Copy link

I have the same question

I think it should add transformStyle into api , rather than into content in transformTags.

who submit code about the issue , if nobody then I to submit ?

I want to pull request , but have no time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement seeking contributions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@boutell @mloureiro @king-bcolor