Closed bertyhell closed 1 year ago
Thanks. Does allowedStyles
still do anything when parseStyleAttributes
is false? Is it misleading to suggest anything is done to sanitize styles in the presence of this setting?
@boutell Good point, i added some extra text in the readme to make the user aware of this:
When you disable the parsing of the style attribute, the
allowedStyles
option is automatically ignored, and all styles will be allowed.
Good stuff. I think we also should throw an error when allowedStyles
is configured in the presence of this setting. Just to be safe.
@boutell fixed, when they are used together you get this error:
throw new Error('allowedStyles option cannot be used together with parseStyleAttributes: false.');
@boutell fixed
@boutell fixed
Thanks!
This will fix https://github.com/apostrophecms/sanitize-html/issues/547
This PR introduces a new option:
By default set to true, to match the current behavior. But a user can set it to false, to skip parsing style tags. This can avoid issues when the package is used in the browser.