Closed arildm closed 3 years ago
This is because tag o:p
does not in the default whiteList
.
If you want to allow this tag, change the whiteList
options.
Ref: https://github.com/leizongmin/js-xss#whitelist
@leizongmin whiteList
not work for <!--<![endif]-->
, because this code will parse as tag ![endif]--
when parser.parseTag
My problem was that the tag was escaped instead of removed. Problem solved by adding onIgnoreTag: () => ""
to the config. I should have RTFM :)
Tags like
<o:p></o:p>
get escaped. They should perhaps be filtered away instead?This particular example comes from copying MS Word-generated HTML. Related: #196