You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to make sanitize-html to remove only harmful content, include the vast majority of the tags and attributes, but filter out possible harmful content. <style> is an issue, as we're able to allow the tag, but no way to actually sanitize it, allowedStyles doesn't affect that tag, and the content of the tags is not availalbe in transformTags.
The use case: we have an email previewer in the UI, where in the API we generates the email with MJML, the content is somewhat unexpected, plus every now and then someone define the styles within the <style> tag 🙃
Proposed solution
Include (and allow to mutate) the tag content in transformTags.
(it might be tricky to allow the mutation due to the inner tags 👀)
Alternatives
Manually parse the style tag from the content string 🤷
The text was updated successfully, but these errors were encountered:
The problem to solve
I'm trying to make sanitize-html to remove only harmful content, include the vast majority of the tags and attributes, but filter out possible harmful content.
<style>is an issue, as we're able to allow the tag, but no way to actually sanitize it,allowedStylesdoesn't affect that tag, and the content of the tags is not availalbe intransformTags.The use case: we have an email previewer in the UI, where in the API we generates the email with MJML, the content is somewhat unexpected, plus every now and then someone define the styles within the
<style>tag 🙃Proposed solution
Include (and allow to mutate) the tag content in
transformTags.(it might be tricky to allow the mutation due to the inner tags 👀)
Alternatives
Manually parse the style tag from the content string 🤷
The text was updated successfully, but these errors were encountered: