mapbox / sanitize-caja

sanitize html
Apache License 2.0

Document exact changes from upstream Caja #7

Open strugee opened 8 years ago

strugee commented 8 years ago

The README mentions that this is a "slightly loosened" version of Caja. There should be somewhere where I can read about exactly what this means - in particular, I need to know if this strips <style> tags/style= attributes or not.

overint commented 7 years ago

I agree, this would be very helpful.

overint commented 7 years ago

Found the changes.

```js
html4.ATTRIBS['*::style'] = 0;
html4.ELEMENTS['style'] = 0;
html4.ATTRIBS['a::target'] = 0;
html4.ELEMENTS['video'] = 0;
html4.ATTRIBS['video::src'] = 0;
html4.ATTRIBS['video::poster'] = 0;
html4.ATTRIBS['video::controls'] = 0;
html4.ELEMENTS['audio'] = 0;
html4.ATTRIBS['audio::src'] = 0;
html4.ATTRIBS['video::autoplay'] = 0;
html4.ATTRIBS['video::controls'] = 0;
```