readthedocs / readthedocs.org

The source code that powers readthedocs.org
https://readthedocs.org/
MIT License

EmbedAPI: clean source (src) properly from inside a tooltip #9344

Open humitos opened 2 years ago

humitos commented 2 years ago

It may be good to expand clean_resources to also rewrite <source src=...> HTML tags.

Eric mentioned this in https://github.com/readthedocs/readthedocs.org/pull/9337#discussion_r899437440

This issue could also serve to do some extra research and try to find more HTML tags that require HTML rewriting to make the tooltip content render properly.

benjaoming commented 2 years ago

Consider bleach for stripping the HTML to exactly the tags and attributes that should be allowed.

humitos commented 2 years ago

@benjaoming I didn't know about bleach. I've read a little of the documentation but I'm not sure I follow how you would use it for the purpose of the issue. Can you explain a little more about how you would use bleach for this?

benjaoming commented 2 years ago

It's not directly related to the issue -- bleach can ensure that we only have expected tags, attributes and CSS classes transferred. Probably belongs in a separate issue.
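
The rewrite requested at the top of this issue, sketched with only the Python standard library. This is an added example, not Read the Docs' `clean_resources` code; `rewrite_sources`, `SRC_TAGS` and the URLs used with it are hypothetical names chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin

# Assumption: tags whose `src` the tooltip must load; the issue names <source>.
SRC_TAGS = {"img", "source", "video", "audio", "track"}


class _SrcRewriter(HTMLParser):
    def __init__(self, base_url):
        super().__init__(convert_charrefs=False)  # keep &amp; etc. as written
        self.base_url, self.out = base_url, []

    def _emit(self, tag, attrs, close=">"):
        parts = [tag]
        for name, value in attrs:
            if value is None:  # boolean attribute such as `controls`
                parts.append(name)
                continue
            if tag in SRC_TAGS and name == "src":
                value = urljoin(self.base_url, value)  # relative -> absolute
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close)

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def rewrite_sources(fragment, page_url):
    """Return `fragment` with every resource `src` resolved against `page_url`."""
    parser = _SrcRewriter(page_url)
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

Attribute values are re-escaped on output, and HTML comments and doctype declarations are dropped during re-serialisation.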