Fix #486: Return an empty string when input is a nullish HTML

apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

MIT License

3.79k stars 353 forks source link

Fix #486: Return an empty string when input is a nullish HTML #496

Closed postatum closed 3 years ago

postatum commented 3 years ago

Note that nullish values also include 0, but according to this comment of a repo member:

In any case it is up to the caller to pass a string.

boutell commented 3 years ago

If it has a toString() I think it should be left alone, 0 is an unusual input but no need to reject it. I suggest testing with == null instead. This matches only null and undefined which are the only cases that don't support toString() and thus have trouble.

postatum commented 3 years ago

If it has a toString() I think it should be left alone, 0 is an unusual input but no need to reject it. I suggest testing with == null instead. This matches only null and undefined which are the only cases that don't support toString() and thus have trouble.

I see. I've changed the test to == null.

postatum commented 3 years ago

Would you kindly add a changelog entry? Thank you!

Done. Please let me know if that's an OK description.