leizongmin / js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
http://jsxss.com

[Feat Req] A way to set a certain Attr of a Tag regardless of whether it's specified #152

Open davidfurlong opened 5 years ago

davidfurlong commented 5 years ago

I want to make sure that a tags have a rel='nofollow' attr. Perhaps this is beyond the scope of this library. However, onTagAttr and safeAttrValue seem to only work in terms of removing specified attrs. If this attr isn't specified, it won't get fired. Thx & feel free to close if you want

Kolobok12309 commented 3 years ago

@davidfurlong, you can do something like this with rel, to remove the rel attr before href (the browser will ignore a second attr with the same name)

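```js
onTagAttr(tag, name, value, isWhiteAttr) {
  // Returning nothing leaves the attribute to the default handling
  if (!isWhiteAttr) return;
  if (tag === 'a') {
    // Drop any rel that was supplied; it is re-added together with href below
    if (name === 'rel') return '';
    if (name === 'href') {
      // safeAttrValue applies the library's href checks and escaping;
      // escapeAttrValue alone would let a javascript: URL through
      const safe = xss.safeAttrValue(tag, name, value);
      return safe ? `href="${safe}" rel="nofollow"` : '';
    }
  }
},
```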
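
A string returned from onTagAttr replaces the attribute as written, so a handler that rebuilds href also has to vet the URL itself. The following is an added example, not code from this thread or from js-xss: a stand-alone model of such a handler, in which ALLOWED_PREFIXES, escapeAttr, safeHrefValue and renderAnchorAttrs are assumptions standing in for the library's own value filter and attribute loop.

```javascript
// Assumption: prefixes a link is allowed to start with (stand-in for the library's href check).
const ALLOWED_PREFIXES = ['http://', 'https://', 'mailto:', '/', '#'];

// Escape characters that could break out of a double-quoted attribute value.
function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Returns the escaped URL, or '' when it does not start with an allowed prefix.
function safeHrefValue(value) {
  const v = value.trim();
  const ok = ALLOWED_PREFIXES.some((p) => v.toLowerCase().startsWith(p));
  return ok ? escapeAttr(v) : '';
}

// Same signature as the onTagAttr option discussed in this thread.
function nofollowOnTagAttr(tag, name, value, isWhiteAttr) {
  if (!isWhiteAttr) return;       // undefined: leave the attribute to default handling
  if (tag !== 'a') return;
  if (name === 'rel') return '';  // drop any supplied rel, wherever it appears
  if (name === 'href') {
    const safe = safeHrefValue(value);
    // A rejected URL removes href entirely instead of emitting it with rel.
    return safe ? `href="${safe}" rel="nofollow"` : '';
  }
}

// Constructed harness: run the handler over [name, value] pairs of one <a> tag.
function renderAnchorAttrs(attrs) {
  return attrs
    .map(([name, value]) => {
      const out = nofollowOnTagAttr('a', name, value, true);
      return out === undefined ? `${name}="${escapeAttr(value)}"` : out;
    })
    .filter((s) => s !== '')
    .join(' ');
}

// Constructed inputs: a normal link with its own rel, and a script URL with rel first.
console.log(renderAnchorAttrs([['href', 'https://example.com/?a=1&b="x"'], ['rel', 'follow']]));
console.log(renderAnchorAttrs([['rel', 'noopener'], ['href', 'javascript:alert(1)'], ['title', 't']]));
```

With the real library, the exported `xss.safeAttrValue` can take the place of `safeHrefValue`. An `<a>` tag that carries no href never reaches the href branch, so it gets no rel from this handler.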