John-Odom
commented
1 year ago We would love this
Open flavorjones opened 1 year ago
John-Odom
commented
1 year ago We would love this
flavorjones
commented
1 year ago @John-Odom Thanks for commenting! Can you tell me a little bit about your use case?
I recently had a conversation with some folks about best practices in sanitizing CSS stylesheets, and I realized that Loofah is no help here. Currently
<style>tag contents are treated as CDATA but no particular sanitization is being done like we do forstyleattributes.What do y'all think about adding some Crass-based parsing for
<style>tags to ensure they're well-formed and sanitized similarly tostyleattributes?We obviously would want to take care that Rails apps (and any other web apps that use Loofah) wouldn't accidentally scrub any stylesheets that are inlined in
html/head. But I think this should be easy?