apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
MIT License
3.84k stars 353 forks

Output removed tags, attributes, etc. for debugging? #231

Closed edemaine closed 4 years ago

edemaine commented 6 years ago

In my system, I print console warnings with before/after text whenever HTML gets sanitized, which makes it easier to see when there's something I need to add to the whitelist. It'd be much better if I could actually output the (typically small) removed parts, instead of the entire HTML passages. Would it be possible to add skipped parts of the input to an array and then make that array accessible?
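Added example, not part of the original thread and not sanitize-html code: one way to log only the removed parts described in the comment above, without changing the library, is to inventory opening tags and attributes in the input and in the sanitizer's output and report the difference. The function names, the regex tokenizer and both sample strings are assumptions constructed for illustration; the "after" string stands in for the output of a sanitizer configured without `iframe`, `style` or `target`.

```javascript
// Added example (not sanitize-html code). Names and samples are constructed.
// Regex tokenizing is approximate: use it for debug logs, never to sanitize.
const TAG_RE = /<([a-zA-Z][a-zA-Z0-9-]*)((?:\s+[^\s"'>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*\/?>/g;
const ATTR_RE = /([^\s"'>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;

// Count every opening tag and every tag/attribute pair in an HTML string.
function inventory(html) {
  const counts = new Map();
  const bump = (key) => counts.set(key, (counts.get(key) || 0) + 1);
  for (const [, name, attrs] of html.matchAll(TAG_RE)) {
    const tag = name.toLowerCase();
    bump(`<${tag}>`);
    for (const [, attr] of attrs.matchAll(ATTR_RE)) {
      bump(`<${tag} ${attr.toLowerCase()}>`);
    }
  }
  return counts;
}

// Entries that occur more often in `before` than in `after` were stripped.
function removedParts(before, after) {
  const kept = inventory(after);
  const removed = [];
  for (const [part, n] of inventory(before)) {
    const missing = n - (kept.get(part) || 0);
    if (missing > 0) removed.push({ part, count: missing });
  }
  return removed;
}

// One compact warning line instead of two full HTML passages.
function formatWarning(removed) {
  return removed.length
    ? 'sanitizer removed: ' + removed.map((r) => `${r.part} x${r.count}`).join(', ')
    : '';
}

// Constructed sample input and the output a restrictive whitelist would give.
const SAMPLE_BEFORE =
  '<p style="color:red">Hi <b>there</b></p>' +
  '<iframe src="https://example.com/v"></iframe>' +
  '<a href="/a" target="_blank">link</a>';
const SAMPLE_AFTER = '<p>Hi <b>there</b></p><a href="/a">link</a>';

console.warn(formatWarning(removedParts(SAMPLE_BEFORE, SAMPLE_AFTER)));
```

Because the report is computed from the two strings, it also covers content dropped by transforms or filters, but it cannot say which rule removed a given part.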

boutell commented 6 years ago

This is something we'd certainly look at a PR for. You could do it in the same code that decides to keep or reject each piece.

On Wed, Jul 4, 2018 at 10:01 AM, Erik Demaine wrote:

> In my system, I print console warnings with before/after text whenever HTML gets sanitized, which makes it easier to see when there's something I need to add to the whitelist. It'd be much better if I could actually output the (typically small) removed parts, instead of the entire HTML passages. Would it be possible to add skipped parts of the input to an array and then make that array accessible?


lucizek commented 4 years ago

Hey, is there a way to output removed or unallowed tags to the user?

abea commented 4 years ago

@lucizek I don't think that's a feature that htmlparser2 provides.

boutell commented 4 years ago

Actually, htmlparser2 is giving us everything, and we are deciding what to remove or disallow, so this is possible to do and an option to pass such content to console.debug would be a reasonable PR.

lucizek commented 4 years ago

Not only console.debug, but it would be amazing to output it to the actual end-user with a callback or something similar so he can gracefully fail or change his input.

boutell commented 4 years ago

They can do that already by accepting those tags but using the various transformation features of the module. The debugging logging option would be new though.

On Fri, Jun 19, 2020 at 11:35 AM Lukas Cizek wrote:

> Not only console.debug, but it would be amazing to output it to the actual end-user with a callback or something similar so he can gracefully fail or change his input.


stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.