microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License

Can't add tags #119

Closed: ghost closed 3 years ago

ghost commented 3 years ago

Hi, how to enable the following tags:
1. DOCTYPE
2. meta
3. xml

Also, the following code gets removed: `<!--[if gte mso 9]><![endif]-->`

So how to solve these issues?

buro9 commented 3 years ago

Do you have a test that shows what you expect given a piece of example input?

Additionally do you realise that we use a HTML 5 parsing library and are designed for user generated content? If so, what's your use case? What are you trying to achieve?

On Sat, 24 Apr 2021, 18:34 rakeshp2007, @.***> wrote:

> Hi, How to enable following tags 1.DOCTYPE 2.meta 3.xml
>
> Also following code also gets removed
>
> So how to solve these issues ?

buro9 commented 3 years ago

I've no idea who you are... but emailing me, messaging on WhatsApp, calling me, all in addition to doing what you should be doing (engaging with the issue on GitHub) is unacceptable. I have a life, it's a Sunday morning, and this is not a severe security issue with this library.

Your use-case based on what you provided is unsupported. This library uses a HTML 5 lib to parse HTML and you appear to want to produce XHTML 1 (based on what you'd emailed me - derived from stripo.email tooling). Additionally you don't appear to have taken any time to solve your own problem, instead you've just hounded me across all my contact surfaces. You can take the code in this project and extend it trivially to allow comments (to support the addition of MS Outlook tags from the early 2000s) or other tags. The DocType you would need to manually prepend as the parsing lib explicitly is HTML 5 only.

I shall not engage with you further due to the way that you've hounded me across every contact surface.
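An HTML5 parser reads the conditional comment from the question as a single comment token, so a sanitizer that emits comments verbatim never inspects the markup inside it. The following is an added example, not code from bluemonday or from anyone in this thread; `FindCondComments`, `SafeToKeep` and the sample input are assumptions made for illustration. It finds conditional comments and flags those whose hidden body carries markup.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// CondComment is one downlevel-hidden conditional comment,
// e.g. <!--[if gte mso 9]> ... <![endif]-->.
type CondComment struct {
	Expr string // the condition, e.g. "gte mso 9"
	Body string // text between the markers; opaque to an HTML5 parser
}

// The whole construct is one comment to an HTML5 tokenizer.
var condRe = regexp.MustCompile(`(?s)<!--\[if ([^\]]*)\]>(.*?)<!\[endif\]-->`)

// FindCondComments (hypothetical helper) returns every conditional
// comment in src, in document order.
func FindCondComments(src string) []CondComment {
	var out []CondComment
	for _, m := range condRe.FindAllStringSubmatch(src, -1) {
		out = append(out, CondComment{Expr: m[1], Body: m[2]})
	}
	return out
}

// SafeToKeep (hypothetical helper) reports whether a comment could be
// passed through without sanitizing: only when its body has no markup.
func SafeToKeep(c CondComment) bool {
	return !strings.ContainsAny(c.Body, "<>&")
}

// Constructed sample input; the first comment matches the one in the question.
const sample = `<!--[if gte mso 9]><![endif]-->
<p>Hello</p>
<!--[if mso]><table><tr><td>Outlook-only</td></tr></table><![endif]-->`

func main() {
	for _, c := range FindCondComments(sample) {
		fmt.Printf("if %-10s keep=%v body=%q\n", c.Expr, SafeToKeep(c), c.Body)
	}
}
```

A comment that fails the check needs its body sanitized separately, or dropped, before it is re-added to the output.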

ghost commented 3 years ago

Ok, David,

Thanks for the reply. Will not ping you in email and phone.

On Sun, Apr 25, 2021 at 3:59 PM David Kitchen @.***> wrote:

> I've no idea who you are... but emailing me, messaging on WhatsApp, calling me, all in addition to doing what you should be doing (engaging with the issue on GitHub) is unacceptable. I have a life, it's a Sunday morning, and this is not a severe security issue with this library.
>
> Your use-case based on what you provided is unsupported. This library uses a HTML 5 lib to parse HTML and you appear to want to produce XHTML 1 (based on what you'd emailed me - derived from stripo.email tooling). Additionally you don't appear to have taken any time to solve your own problem, instead you've just hounded me across all my contact surfaces. You can take the code in this project and extend it trivially to allow comments (to support the addition of MS Outlook tags from the early 2000s) or other tags. The DocType you would need to manually prepend as the parsing lib explicitly is HTML 5 only.
>
> I shall not engage with you further due to the way that you've hounded me across every contact surface.