Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[HtmlSanitizer] Add support for escaping #60125

New issue
Copy link
New issue
Copy link
Open
Open
[HtmlSanitizer] Add support for escaping#60125
Copy link
Labels
FeatureHtmlSanitizer
@lyrixx

Description

@lyrixx
lyrixx
opened on Apr 2, 2025
Issue body actions

Description

ATM, the sanitizer can do only 3 things:

enum HtmlSanitizerAction: string
{
    /**
     * Dropped elements are elements the sanitizer should remove from the input, including their children.
     */
    case Drop = 'drop';

    /**
     * Blocked elements are elements the sanitizer should remove from the input, but retain their children.
     */
    case Block = 'block';

    /**
     * Allowed elements are elements the sanitizer should retain from the input.
     */
    case Allow = 'allow';
}

I propose to add another mode: escape that would escape a node.

This is the second time where I need this feature, so maybe it's time to open an RFC.

My use case if the following:
It's exactly how github markdown works.
We can use raw HTML with few HTML tag, like <b>: exemple
But some other are escaped, like <script>: <script>console.log('a')</script>

cc @tgalopin @nicolas-grekas

Metadata

Metadata

Assignees

No one assigned

    Labels

    FeatureHtmlSanitizer

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      Morty Proxy This is a proxified and sanitized view of the page, visit original site.