google / safevalues

Apache License 2.0

How to allow <iframe> while sanitize html string #446

Closed indrasenakatam closed 1 month ago

indrasenakatam commented 1 month ago

import {sanitizeHtml} from 'safevalues';

before sanitizeHtml

<div> some text </div>
<div>
<iframe 
title="title text" 
src="https://www.youtube.com/embed/XXXXX"
width="300" height="300" 
frameborder="0" 
allowfullscreen="allowfullscreen">
</iframe>
</div>

after sanitizeHtml <div>some text</div>\n<div></div>

Could you please suggest if there is any way to allow the iframe tag after sanitization?

Thank you in advance.

engelsdamien commented 1 month ago

Our sanitizer doesn't support iframes for dynamically sanitized HTML; this is unfortunately not configurable.

Note that if your HTML is not dynamic/user-provided, you should probably use a templating system.
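
An added example, not part of the thread and not safevalues code: since the sanitizer drops the iframe, one option is to sanitize the surrounding HTML as before and build the embed separately through DOM APIs, accepting only a strictly allowlisted `src`. The function names, the video-ID pattern and the sandbox tokens are assumptions of this example.

```javascript
// Added example: hypothetical helpers, not safevalues APIs.
const VIDEO_ID = /^[A-Za-z0-9_-]{5,20}$/; // assumed ID shape, kept conservative

// Returns the canonical embed URL, or null unless the input is exactly
// https://www.youtube.com/embed/<id> (query and fragment are dropped).
function youtubeEmbedUrl(input) {
  let url;
  try {
    url = new URL(input); // no base URL, so relative input is rejected
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' || url.hostname !== 'www.youtube.com') return null;
  if (url.port !== '' || url.username !== '' || url.password !== '') return null;
  const match = /^\/embed\/([^/]+)$/.exec(url.pathname);
  if (!match || !VIDEO_ID.test(match[1])) return null;
  // Rebuild from validated parts instead of echoing the caller's string.
  return `https://www.youtube.com/embed/${match[1]}`;
}

// Builds the iframe with DOM APIs, so no untrusted HTML string is parsed.
// `doc` is a Document; returns null when the URL is not allowlisted.
function createYoutubeEmbed(doc, input, title) {
  const src = youtubeEmbedUrl(input);
  if (src === null) return null;
  const frame = doc.createElement('iframe');
  frame.setAttribute('src', src);
  frame.setAttribute('title', String(title));
  frame.setAttribute('width', '300');
  frame.setAttribute('height', '300');
  frame.setAttribute('allowfullscreen', '');
  // Assumed sandbox policy: the cross-origin player keeps scripts and its own
  // origin; forms, popups and top-level navigation stay blocked.
  frame.setAttribute('sandbox', 'allow-scripts allow-same-origin allow-presentation');
  return frame;
}
```

In a browser, call `createYoutubeEmbed(document, userUrl, 'title text')` and append the returned element next to the sanitized markup; a `null` return means the URL was rejected.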