messense / nh3

Python binding to Ammonia HTML sanitizer Rust crate
https://nh3.readthedocs.io
MIT License

Bug - clean() method reorder templated(handlebar) objects #59

Closed ravi-kale closed 2 weeks ago

ravi-kale commented 3 weeks ago

While I was trying to clean the HTML below, nh3 gave me wrongly reordered lines compared to bleach. Here is the example.

Below is the input HTML string in Python:

"""<!DOCTYPE html><html><head><meta charset="utf-8"><title>Source Details</title><style>.containerhb {margin: 20px;}.card-det-heading {font-size: 24px;margin-bottom: 10px;}.event-description {color: black;}table {width: 100%;border-collapse: collapse;}th, td {border: 1px solid black;text-align: center;padding: 8px;}</style></head><body><div class="containerhb"><h2 class="card-det-heading">Source Details</h2><div class="event-description">{{#if list_entry.list_source.lists.length}}<table><thead><tr><th>Source Lists</th></tr></thead><tbody>{{#each list_entry.list_source.lists}}<tr><td>{{#if this.name}}<p>{{this.name}}</p>{{else}}<p>Not Available</p>{{/if}}</td></tr>{{/each}}</tbody></table>{{else}}<p style="color:black; text-align:center;"><strong>Data Not Available</strong></p>{{/if}}</div></div></body></html>"""

Below is the terminal output; observe that the templating parts (which are in {{...}} braces) get reordered in nh3.

[Screenshot 2024-10-21 at 10 33 46 AM]

messense commented 2 weeks ago

This could be an issue in ammonia (the Rust crate we are wrapping in nh3), but personally I think it should be cleaning the rendered HTML code instead of the raw Handlebars template, because this isn't designed to work with templates that can render to HTML.
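
An added example, not part of the issue thread and not nh3 or ammonia code: a spec-conforming HTML5 parser moves non-whitespace text that sits directly inside `<table>`, `<tbody>` or `<tr>` to just before the table ("foster parenting"), so template tokens in those positions do not survive parsing in place. This stdlib-only lint lists such tokens before a template is handed to a sanitizer; the names `FosterParentLint` and `relocated_text` and the reduced sample are constructed here, and the lint assumes explicit, well-nested tags.

```python
from html.parser import HTMLParser

# Elements whose direct non-whitespace text an HTML5 parser relocates
# ("foster-parents") to just before the enclosing <table>.
TABLE_CONTEXT = {"table", "thead", "tbody", "tfoot", "tr"}
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}


class FosterParentLint(HTMLParser):
    """Collect text nodes that sit directly inside table structure."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # currently open elements, innermost last
        self.findings = []   # (parent_tag, text) pairs

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; ignore stray end tags.
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        text = data.strip()
        if text and self.stack and self.stack[-1] in TABLE_CONTEXT:
            self.findings.append((self.stack[-1], text))


def relocated_text(html):
    """Return (parent_tag, text) for text an HTML5 parser would move."""
    lint = FosterParentLint()
    lint.feed(html)
    lint.close()
    return lint.findings


# Constructed sample, reduced from the table part of the template in this issue.
SAMPLE = ("<div>{{#if lists.length}}<table><thead><tr><th>Source Lists</th></tr>"
          "</thead><tbody>{{#each lists}}<tr><td>{{#if this.name}}<p>{{this.name}}"
          "</p>{{else}}<p>Not Available</p>{{/if}}</td></tr>{{/each}}</tbody>"
          "</table>{{else}}<p>Data Not Available</p>{{/if}}</div>")

if __name__ == "__main__":
    for parent, text in relocated_text(SAMPLE):
        print(f"text directly inside <{parent}> will be moved: {text}")
```

An empty result means no text sits directly in table structure, which is what rendered output with all template tokens expanded looks like.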