apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
MIT License
3.68k stars 349 forks

Allow code snippets #649

Closed BenRacicot closed 4 months ago

BenRacicot commented 4 months ago

If you're unsure how to proceed with a problem and are not sure if it is a bug, please provide some information so we can help you. You can also use the Apostrophe Discord chat and Github Discussions to ask questions as well.

Question or comment

Please include as much detail as possible so we can help more quickly.

Details

sanitize-html is working great in my project; however, after implementing my rich-text-editor and allowing users to add code snippets, obviously they are removed once I sanitize the content.

Is there a way to allow any code tag only within <code> ... </code>?

boutell commented 4 months ago

In HTML, the code element formats things like code, but it does not mean you don't have to escape characters like < and & and > correctly. You can do so using the normal HTML escapes e.g. &lt; &amp; and &gt;. You can see this if you make an HTML page with a code element and put some additional HTML code inside it. The elements are interpreted normally by the browser, even when inside code.

boutell commented 4 months ago

BTW if you want line breaks to be treated as such you probably want the "pre" element instead. Same catch applies though, you must escape punctuation that has special meaning in HTML.

On Wed, Feb 21, 2024 at 8:19 AM Ben Racicot @.***> wrote:

If you're unsure how to proceed with a problem and are not sure if it is a bug, please provide some information so we can help you. You can also use the Apostrophe Discord chat https://chat.apostrophecms.com/ and Github Discussions https://github.com/apostrophecms/apostrophe/discussions/ to ask questions as well. Question or comment

Please include as much detail as possible so we can help more quickly.

  • What are you trying to do? I'm trying to allow code snippets through sanitization.
  • What have you already tried? Implemented sanitize-html and read the docs (might be missing something)

Details

sanitize-html is working great in my project; however, after implementing my rich-text-editor and allowing users to add code snippets, obviously they are removed once I sanitize the content.

Is there a way to allow any code tag only within ... ?


--

THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his

BenRacicot commented 4 months ago

Ah escape first! Brilliant advice, thank you so much.
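
The escaping advice in this thread, as an added example that is not part of the original discussion and not sanitize-html's own code: the snippet's raw text is escaped before it is wrapped in `pre` and `code`, so the only markup left is the wrapper itself. The function names are hypothetical and the sample snippets are constructed.

```javascript
// Added example (not from the thread): escape a user's code snippet before it
// is placed inside <pre><code>, so a sanitizer sees only text in that region.
// All function names are hypothetical; the sample snippets are constructed.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// One pass over the input: an '&' the user typed (for example a literal
// "&lt;") is escaped, and an '&' produced by an escape is never re-escaped.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Wrap raw snippet text (plain text from the editor, not HTML) for storage.
function renderCodeBlock(source) {
  return '<pre><code>' + escapeHtml(source) + '</code></pre>';
}

// The text a browser displays for the escaped content: the reverse mapping,
// also done in one pass so "&amp;lt;" decodes to "&lt;" and not to "<".
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([k, v]) => [v, k]));
function displayedText(escaped) {
  return escaped.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => UNESCAPES[ent]);
}

// List every tag in a fragment; after escaping, only the wrapper's tags remain.
function tagsIn(html) {
  return html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
}

// Constructed sample snippets, including one that tries to close the wrapper
// early and one that contains an entity the user wants shown literally.
const samples = [
  '<h1 class="title">Hello</h1>',
  'if (a < b && b > c) { run("x"); }',
  '</code></pre><a href="#">outside?</a>',
  'write &lt; to show a literal <',
];

for (const snippet of samples) {
  const html = renderCodeBlock(snippet);
  console.log(html, '| tags:', tagsIn(html).join(' '));
}
```

The result can then go through sanitize-html as usual with `pre` and `code` among the `allowedTags`; the escaped snippet is plain text to the sanitizer, so nothing inside it is removed.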