Add support for dataset attributes

microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

https://github.com/microcosm-cc/bluemonday

BSD 3-Clause "New" or "Revised" License

3.14k stars 176 forks source link

Add support for dataset attributes #65

Closed jtamary closed 6 years ago

jtamary commented 6 years ago

Hey :)

In my use of the library I need to support arbitrary data attributes. However, I do not know which data attributes will be sent so I cannot whitelist them.

Can you please add support for arbitrary dataset attributes which will all start with "data-" For reference of data attributes you can refer to MDN They have no meaning for the browser only to pass data to certain elements.

Love to hear your thoughts

Thanks, Jonathan

buro9 commented 6 years ago

I'm fine with what has been proposed but will make a couple of changes in the morning and then merge.

@buddhamagnet your PR is good, there's a few nits I'll change for which I'm going to leave a couple of comments, you don't have to worry about them if you don't want as I'm happy to do the finishing touches.

This will be merged in some form tomorrow :) Thanks to both of you.

buddhamagnet commented 6 years ago

@buro9 no hassles have made some improvements have a look. And no, thank YOU for this great library. BTW Arthur Ortega says hi.

buro9 commented 6 years ago

Arthur pinged me on Twitter after I'd reviewed... I think he was wondering whether this is still the best sanitizer, it is :) Thanks for the contribution, it is much appreciated.

buddhamagnet commented 6 years ago

@buro9 also, happy to help maintain this library if you need extra hands!