Closed zyxkad closed 1 year ago
No, it's not clear how this would be done or what the API would look like. Worse though, transformations are best done as a step prior to sanitization and attempting to perform a transformation during sanitization would introduce risk that we aren't sanitizing correctly which would defeat the value in this library.
It is true that some transformations are done by this library (i.e. the addition of `rel="nofollow"` but these are extremely few and very well defined and are not operating on the input). I would not expand the use of these to transform a URL unless it could be proven to be safely done.
> I would not expand the use of these to transform a URL unless it could be proven to be safely done.
I think if bluemonday always operates on the URL after the URL is rewritten, it will be safe, won't it?
> transformations are best done as a step prior to sanitization
No, it isn't. That means I should parse the HTML twice; it will be slower 100%.
I want to rewrite the relative URLs such as `img` and `a`, since I fetched the markdown from another website, but bluemonday seems to only have options to block or allow them? Is there any chance that you can implement it? I don't want to parse the HTML again. It will be slower and harder.
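
The approach recommended in this thread, rewriting as a step before sanitization, shown for the URL-resolution part only as an added example (not code from bluemonday or from anyone in the thread). It rewrites plain relative references against a base URL and returns every other value untouched, so the sanitizer that runs afterwards still applies its own URL policy to it. The function name `rewriteRelative`, the base URL and the sample references are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// rewriteRelative (hypothetical helper) resolves ref against base only when
// ref is a plain relative reference: no scheme, no host, no userinfo.
// Anything else is returned unchanged so that the sanitizer running after
// this step still sees the original value and decides whether to keep it.
func rewriteRelative(base *url.URL, ref string) (string, bool) {
	u, err := url.Parse(strings.TrimSpace(ref))
	if err != nil {
		return ref, false // unparsable: leave it for the sanitizer to drop
	}
	if u.Scheme != "" || u.Host != "" || u.User != nil {
		return ref, false // absolute, protocol-relative, or a scheme such as javascript:
	}
	return base.ResolveReference(u).String(), true
}

func main() {
	// Constructed sample: the page the markdown was fetched from.
	base, err := url.Parse("https://docs.example.com/project/guide/README.md")
	if err != nil {
		panic(err)
	}
	// Constructed href/src values as they might appear in the rendered markdown.
	refs := []string{
		"images/logo.png",
		"../LICENSE",
		"/assets/app.css",
		"#install",
		"https://other.example.org/page",
		"//cdn.example.net/lib.js",
		"javascript:void(0)",
	}
	for _, r := range refs {
		out, changed := rewriteRelative(base, r)
		fmt.Printf("%-34q -> %q (rewritten=%v)\n", r, out, changed)
	}
}
```

Because the rewritten values are produced before sanitization, the sanitizer's allow or block decision is made on the final URL rather than on the input form.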