mehdisadeghi
commented
2 years ago You can already override the default options by passing your config as sanitizeOptions.
Edit: for example { USE_PROFILES: { html: true, mathMl: true } }
Closed mKadiyan closed 2 years ago
mehdisadeghi
commented
2 years ago You can already override the default options by passing your config as sanitizeOptions.
Edit: for example { USE_PROFILES: { html: true, mathMl: true } }
mKadiyan
commented
2 years ago Ok.. got it thanks..... One request, Can we somehow avoid introducing breaking changes... it took lot of time to identify these
mehdisadeghi
commented
2 years ago Yes, definitely, sorry about that. We have missed it that time. I'm closing this, feel free to reopen if necessary.
Scenerio : The math string that we pass to component not necessarily contains the TEX or math ascii etc, it may contains simple HTML too. e.g.
const math = "<p>N<sub>2</sub>O<sub>3</sub></p>";Expectation is , component should convert the math expression and leave rest as it is. but the default sanitization setting that are added 2.2.0 onwards remove the html tag.
e.g. const defaultSanitizeOptions = { USE_PROFILES: {mathMl: true}, ADD_ATTR: ['columnalign'], }
DOMPurify.sanitize(math, {...defaultSanitizeOptions});
Convert above expression to N2O3 and we loss html tag and hence parsing..
please remove the default sanitisation..