Keep banana-i18n in sync with mediawiki's jqueryMsg by adapting
its HTML element parsing and sanitization logic.
Most of the code is copied, but jquery dependency and DOM dependency
are avoided. Also using ES6 here. Tests are also copied from jqueryMsg's
tests.
A whitelisting approach is used to allow a subset of tags in html.
Attributes are also whitelisted. Anything else in the message content
will be escaped with html entity representation.
Since banana-i18n does not interface with DOM, but just provide localized
strings, the escaping of HTML is done irrespective of whether output
message is used as text or HTML. Of course, the HTML parsing happens
only when message has html tags.
Keep banana-i18n in sync with mediawiki's jqueryMsg by adapting its HTML element parsing and sanitization logic.
Most of the code is copied, but jquery dependency and DOM dependency are avoided. Also using ES6 here. Tests are also copied from jqueryMsg's tests.
A whitelisting approach is used to allow a subset of tags in html. Attributes are also whitelisted. Anything else in the message content will be escaped with html entity representation.
Since banana-i18n does not interface with DOM, but just provide localized strings, the escaping of HTML is done irrespective of whether output message is used as text or HTML. Of course, the HTML parsing happens only when message has html tags.