Closed mdk000 closed 4 months ago
Hi, @mdk000 . Thanks for you PR.
I think it might be better to change quotedAttributeValueSyntax: 'single' | 'double'
to singleQuotedAttributeValue: true | false
. Only when singleQuotedAttributeValue
is set to true
, the attribute values will be wrapped in single quotes. If singleQuotedAttributeValue
is not set or set to false
, the attribute values will be wrapped in double quotes as usual.
@leizongmin thanks for suggestion, I've corrected it, please check
When do you plan to release new version with this feature?
@mdk000 I just merged this MR and released a new version xss@1.0.15
.
@leizongmin awesome! thanks
Hi @leizongmin!
First of all thank you for creating this package. We have been using it for sanitizing html and put it inside JSON files. It can be done in two ways:
{ "html": "<a href=\"#\">Hello</a>" }
{ "html": "<a href='#'>Hello</a>" }
but the default config output is:
{ "html": "<a href="#">Hello</a>" }
We would like to use default config and don't create any custom rules via
safeAttrValue
oronIgnoreTagAttr
, but we need to have single-quoted attribute value syntax for sanitized output. Accodring to whatwg spec, single quoted approach is also valid and supports values containing whitespaces.I've created a PR. Now it's available use new
quotedAttributeValueSyntax
config option. Default behaviour left intact so changes can be treated as enhancement.Let me know what you think