Add warning when css_sanitizer is not set, but style is allowed (#676)

mozilla / bleach

Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes

https://bleach.readthedocs.io/en/latest/

Other

2.65k stars 251 forks source link

Add warning when css_sanitizer is not set, but style is allowed (#676) #691

Closed willkg closed 1 year ago

willkg commented 1 year ago

This adds a note to the documentation and also adds a warning that gets emitted if css_sanitizer is not set, but "style" is an allowed attribute. This reduces the likelihood of developer error.

Fixes #676.