microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License
3.2k stars 175 forks source link

How to allow custom elements using a regex #91

Closed shaydoc closed 4 years ago

shaydoc commented 5 years ago

I need to be able to whitelist elements based up a regex pattern The reason for this is because I have lots of web components. E.g. {namespace}-my-element

I would like to white list anything containing {namespace} pattern

Can this be achieved easily?

grafana-dee commented 5 years ago

This is a good requirement. Do you have examples of the HTML input and what you'd like the output to be.

shaydoc commented 5 years ago

Sure, All I want to be able to do is

   p.AllowElements(regexp.MustCompile(`my-namepsace-*`))

So Data In

  <div>
      <my-namespace-demo-one />
      <my-namespace-demo-two />
      <not-my-namespace-demo-one />
  </div>

Data Out

  <div>
      <my-namespace-demo-one />
      <my-namespace-demo-two /> 
  </div>
shaydoc commented 5 years ago

what ya think @buro9 , would this be an easy update to make?

theflyingcodr commented 5 years ago

I'm working on this one at the moment, hope to have a PR up today for :eyes: and feedback

theflyingcodr commented 5 years ago

Little bit later than I'd have liked due to other commitments, but PR is now in for this https://github.com/microcosm-cc/bluemonday/pull/92

shaydoc commented 5 years ago

be good to get this merged @buro9