Closed arystan-sw closed 5 years ago
This looks very similar to what we’ve discussed in https://github.com/syntax-tree/hast-util-sanitize/pull/2. What do you think of our reasoning there?
How about extending the sanitization schema to allow attrs only if they have specific values? Like this:
diff --git a/lib/github.json b/lib/github.json
index 615e1e9..53430a5 100644
--- a/lib/github.json
+++ b/lib/github.json
@@ -127,6 +127,13 @@
"q": [
"cite"
],
+ "input": [
+ ["type", "checkbox"],
+ ["disabled", ""]
+ ],
+ "li": [
+ ["class", "task-list-item"]
+ ],
"*": [
"abbr",
"accept",
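Review bot: In the new "input" and "li" entries, the pair form ["type", "checkbox"] sits next to plain string entries such as "cite", and nothing in this hunk documents how a pair is interpreted or shows the sanitizer change that reads it; please document the pair shape alongside the schema. As allow-list entries, the pairs can only restrict a value when the property is present, so an input carrying no type at all would still get through unless something else requires it. The values should also follow HAST property conventions: className rather than "class", and true rather than "" for disabled.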
Interesting! But how would you handle if two values are allowed (type radio and type checkbox for example)?
Can use regex on this occasion:
"input": [
["type", /^(checkbox|radio)$/]
]
Since a JSON file doesn't support a regex type, the regex needs to be stored as a string. A compact way to differentiate it from a literal value would be to check for the presence of a / on both sides of the string:
"input": [
["type", "/^(checkbox|radio)$/"]
]
I think I’d prefer an array of values, in this case. But never mind, it doesn’t matter so much for your case. We can add regexes / arrays later (or not), right?
One notable caveat in your example is that in HAST, there is no class, or "" value for disabled, they are className and true.
So:
input in the list of allowed elements
input[type=checkbox][disabled] only?
Interested in working on this?
I'll give it a try.
Correct?
@arystan-sw So sorry for letting this fall through the cracks!
I fiddled with this yesterday, it looks great but there’s one problem: input[type=checkbox][disabled] is optional but it should be required, input, input[type=checkbox] are both fine as well, but they shouldn’t be.
The current schema does not have a way to require properties. So not sure how to add something like that? What do you think? 🤔
added "input" to allowed list because otherwise GFM task list checkboxes would get stripped when I used remark-react
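The value-restricted allow list discussed in this thread, and the gap that allowing a property is not the same as requiring it, sketched as an added example (not code from hast-util-sanitize or from this pull request). The array entry shape `[name, ...allowedValues]`, the `required` key and the function name are assumptions made for the illustration.

```javascript
// Added example with a hypothetical schema shape; not hast-util-sanitize's code.
const schema = {
  attributes: {
    // A string allows any value; an array is [name, ...allowedValues].
    input: [['type', 'checkbox', 'radio'], ['disabled', true]],
    li: [['className', 'task-list-item']],
    '*': ['title']
  },
  // Hypothetical key: values filled in when the property is missing afterwards.
  required: {input: {type: 'checkbox', disabled: true}}
}

function sanitizeProperties(schema, tagName, properties, enforceRequired) {
  const entries = [...(schema.attributes[tagName] || []), ...schema.attributes['*']]
  const result = {}
  for (const [name, value] of Object.entries(properties || {})) {
    const entry = entries.find((e) => (typeof e === 'string' ? e : e[0]) === name)
    if (entry === undefined) continue // not on the allow list
    if (typeof entry === 'string') {
      result[name] = value
      continue
    }
    const allowed = entry.slice(1)
    if (Array.isArray(value)) {
      // List-valued HAST properties such as className: keep allowed tokens only.
      const kept = value.filter((token) => allowed.includes(token))
      if (kept.length > 0) result[name] = kept
    } else if (allowed.includes(value)) {
      result[name] = value
    }
  }
  if (enforceRequired) {
    for (const [name, value] of Object.entries(schema.required[tagName] || {})) {
      if (!(name in result)) result[name] = value
    }
  }
  return result
}

// Constructed inputs: a bare input and a text input, as HAST properties.
const bare = sanitizeProperties(schema, 'input', {}, false)
const text = sanitizeProperties(schema, 'input', {type: 'text', name: 'q'}, true)
console.log(bare, text)
```

Without the `required` pass, the bare input comes back with no properties at all, which is the case described above as fine but shouldn't be.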