apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
MIT License

Sanitize <style> content #657

Open mloureiro opened 4 months ago

mloureiro commented 4 months ago

The problem to solve

I'm trying to make sanitize-html remove only harmful content: include the vast majority of the tags and attributes, but filter out possibly harmful content. <style> is an issue, as we're able to allow the tag, but there is no way to actually sanitize it; allowedStyles doesn't affect that tag, and the content of the tag is not available in transformTags.

The use case: we have an email previewer in the UI, where the API generates the email with MJML; the content is somewhat unexpected, plus every now and then someone defines the styles within the <style> tag 🙃

Proposed solution

Include (and allow to mutate) the tag content in transformTags. (it might be tricky to allow the mutation due to the inner tags 👀)

Alternatives

Manually parse the style tag from the content string 🤷
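One way to do the "manually parse the style tag" alternative is a pre-pass that runs before sanitizeHtml(): pull out the raw text of each <style> element, rebuild only the rules whose selectors and declarations pass an allowlist (the same property-to-regex shape as an allowedStyles entry), and then hand the result to sanitize-html with 'style' in allowedTags. The code below is an added example written for this issue; it is not part of sanitize-html, and every name in it (sanitizeStyleTags, sanitizeCss, filterDeclarations, ALLOWED_STYLES, ALLOWED_AT_RULES, SELECTOR_RE) plus the sample HTML are assumptions made for the example.

```javascript
// Added example (not sanitize-html code): pre-pass that applies an
// allowedStyles-style allowlist to the raw text of <style> elements, so the
// result can then be handed to sanitizeHtml() with 'style' in allowedTags.
// All names below (sanitizeStyleTags, sanitizeCss, ALLOWED_STYLES, ...) are
// hypothetical; they are not part of the sanitize-html API.

// <style> is a raw-text element: the browser ends its content at the first
// "</style", so the regex must stop there too (lazy match, optional whitespace).
const STYLE_RE = /<style\b[^>]*>([\s\S]*?)<\/style\s*>/gi;

// property -> regexes the whole value must match (same shape as an
// allowedStyles entry). Anything not listed, e.g. width: expression(...),
// behavior:, or any url(...), is dropped.
const ALLOWED_STYLES = {
  'color': [/^#[0-9a-f]{3,6}$/i, /^[a-z]+$/i],
  'background-color': [/^#[0-9a-f]{3,6}$/i, /^[a-z]+$/i],
  'font-size': [/^\d+(\.\d+)?(px|em|rem|%)$/],
  'text-align': [/^(left|right|center|justify)$/],
  'padding': [/^(\d+px\s*){1,4}$/],
};
// Block at-rules whose bodies are ordinary rules; @import, @font-face,
// @charset and friends are never re-emitted.
const ALLOWED_AT_RULES = new Set(['@media', '@supports']);
// Selectors may not contain '<', '/', '\', braces or ';', so the rebuilt
// <style> text can never contain "</style>" or a CSS escape sequence.
const SELECTOR_RE = /^[\w\s.#:,>+~*[\]=^$|"'()-]+$/;
const MAX_NESTING = 4;

function filterDeclarations(body) {
  const kept = [];
  for (const decl of body.split(';')) {
    const i = decl.indexOf(':');
    if (i < 0) continue;
    const prop = decl.slice(0, i).trim().toLowerCase();
    const value = decl.slice(i + 1).trim();
    const patterns = ALLOWED_STYLES[prop];
    if (patterns && value && patterns.some((re) => re.test(value))) {
      kept.push(`${prop}: ${value}`);
    }
  }
  return kept.join('; ');
}

// Walks rules until the enclosing '}' (or end of input). Returns the rebuilt
// text and the position just after the block.
function sanitizeRules(css, pos, depth) {
  let out = '';
  while (pos < css.length) {
    const open = css.indexOf('{', pos);
    const close = css.indexOf('}', pos);
    if (close !== -1 && (open === -1 || close < open)) {
      return { text: out, pos: close + 1 }; // enclosing block ends here
    }
    if (open === -1) return { text: out, pos: css.length }; // trailing statements: dropped
    let prelude = css.slice(pos, open).trim();
    // Statements such as "@import url(x);" sit before the next prelude; drop them.
    prelude = prelude.slice(prelude.lastIndexOf(';') + 1).trim();
    pos = open + 1;
    if (prelude.startsWith('@')) {
      if (depth >= MAX_NESTING) return { text: out, pos: css.length }; // fail closed
      const name = prelude.split(/[\s(]/)[0].toLowerCase();
      const inner = sanitizeRules(css, pos, depth + 1);
      pos = inner.pos;
      if (ALLOWED_AT_RULES.has(name) && inner.text) {
        out += `${prelude} { ${inner.text.trim()} }\n`;
      }
      continue;
    }
    const end = css.indexOf('}', pos);
    const body = end === -1 ? css.slice(pos) : css.slice(pos, end);
    pos = end === -1 ? css.length : end + 1;
    if (SELECTOR_RE.test(prelude)) {
      const decls = filterDeclarations(body);
      if (decls) out += `${prelude} { ${decls} }\n`;
    }
  }
  return { text: out, pos };
}

function sanitizeCss(css) {
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, ''); // comments can hide tokens
  let out = '';
  let pos = 0;
  while (pos < stripped.length) {
    const r = sanitizeRules(stripped, pos, 0);
    out += r.text;
    pos = r.pos;
  }
  return out;
}

// Rewrites every <style> element; attributes on the tag itself are not kept.
function sanitizeStyleTags(html) {
  return html.replace(STYLE_RE, (_m, cssText) => {
    const clean = sanitizeCss(cssText);
    return clean ? `<style>\n${clean}</style>` : '';
  });
}

// Constructed sample input for the example, not taken from the issue.
const SAMPLE_HTML = `<p>hi</p><style type="text/css">
/* comment */
@import url("https://evil.example/x.css");
p { color: red; width: expression(alert(1)); }
@media print { .x { font-size: 12px; background: url(javascript:alert(1)) } }
a[title="</"] { color: blue }
</style><p>bye</p>`;

console.log(sanitizeStyleTags(SAMPLE_HTML));
```

On the sample, the output keeps `p { color: red }` and the @media block with only `font-size: 12px`; the @import, the expression() and url() values, and the selector containing `</` are all dropped. The allowlist is deliberately whole-value, so `!important` and shorthand values are rejected unless a pattern admits them, and a `{` or `}` inside a quoted string is not parsed as a string, which only ever causes more to be discarded. The pre-pass has to run before sanitizeHtml(), and the output still goes through sanitizeHtml() so that anything outside the <style> elements is handled there as usual.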