Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

[HtmlSanitizer] Add support for escaping #60125

Copy link
Copy link
Open
@lyrixx

Description

@lyrixx
Issue body actions

Description

ATM, the sanitizer can do only 3 things:

enum HtmlSanitizerAction: string
{
    /**
     * Dropped elements are elements the sanitizer should remove from the input, including their children.
     */
    case Drop = 'drop';

    /**
     * Blocked elements are elements the sanitizer should remove from the input, but retain their children.
     */
    case Block = 'block';

    /**
     * Allowed elements are elements the sanitizer should retain from the input.
     */
    case Allow = 'allow';
}

I propose to add another mode: escape that would escape a node.


This is the second time where I need this feature, so maybe it's time to open an RFC.

My use case if the following:
It's exactly how github markdown works.
We can use raw HTML with few HTML tag, like <b>: exemple
But some other are escaped, like <script>: <script>console.log('a')</script>

cc @tgalopin @nicolas-grekas

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      Morty Proxy This is a proxified and sanitized view of the page, visit original site.