v3.4.1 data attributes are removed from links

[yoLotus]

Hello,

I'm using bootstrap-sass in a rails project and I write in a view something like:

<%= link_to "link name",
      foo_path
      class:  'btn btn-primary',
      remote: true,
      data:  {bar: true}
%>

Since the update of the gem to version 3.4.1, the commit 69157ce76df1ccff394803811e582979cda4a993 seems to sanitize the links and remove the date-remote and data-bar attributes from the a tag, something like that will be render:

<a class="btn btn-primary" href="/foo">link_name</a>

I wonder if it a bug from bootstrap-sass (should data-* attributes be really removed in the sanitation process?) or if I need to handle it in my app (use remote: true is really standard rails)?

[Johann-S]

Hi @yoLotus,

You have examples here on how to allow attributes or new tags in our sanitizer: https://getbootstrap.com/docs/4.3/getting-started/javascript/#sanitizer

[yoLotus]

Hi @Johann-S,

Thanks a lot for your quick answer, just made a tried and it works perfectly!

I think I wasn't aware of the full purpose of this sanitation, I understand better the issue resolved by the commit 69157ce76df1ccff394803811e582979cda4a993 now.

Just for people who would also need such whitelisting, the example link provided by @Johann-S says:

var myDefaultWhiteList = $.fn.tooltip.Constructor.Default.whiteList

with bootstrap-sass:

var myDefaultWhiteList = $.fn.tooltip.Constructor.DEFAULTS.whiteList

Thanks again!

[Johann-S]

I'll just add something I linked to our v4 docs because it's our latest version but you can find the same for v3 here: https://getbootstrap.com/docs/3.4/javascript/#js-sanitizer

[yoLotus]

Thanks ! Yes the path for default whitelist is the same as my previous comment.