search

microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License
3.16k stars 175 forks source link

Strip only single attribute #170

Closed bohrasankalp closed 1 year ago

bohrasankalp commented 1 year ago

I want to strip only single attribute eg. class or Id over all elements including nested elements as well. In case, stripping class I want to allow for few element, rest all disallow?

How both cases would be handled?

buro9 commented 1 year ago

That kind of conditional logic isn't what this library is built for.

It sounds like you want to implement your own basic parser and rewriter using golang.org/x/net/html as a basis for that.

bohrasankalp commented 1 year ago

Thanks for quick response!

I believe that's a use case when data is cleaned. Currently, it's more like either I would remove/strip all or none, but not single attribute.

Well, there is always an another way for implementation. I know I could implement my custom parser over 'net/HTML'.

buro9 commented 1 year ago

To be clear, I don't actually fully understand your needs here. You've not supplied an example input and desired output and highlighted the logic. But I think I understand, and from that you'd need to implement your own small thing against go/x/net/html.