yesodweb / haskell-xss-sanitize

prevent XSS attacks by sanitizing html (this is different than escaping!)

Allow customized whitelists. #18

Closed ygale closed 6 years ago

ygale commented 6 years ago

Sometimes there is a need to customize the whitelist. Our specific use is that we are using the comments feature of (some recent version of) CKEditor. It inserts comments into the HTML using a non-standard HTML tag, so these are getting sanitized out.

This PR adds a new version of the safeTags filter, called mySafeTags, that allows you to supply custom versions of safeTagName and sanitizeAttribute. You can easily build your own version of these functions on top of the originals with small changes in behavior, such as adding or removing one or more specific items from the whitelist. Or you can build your own from scratch.
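The design sketched in the description, as an added example rather than code from this PR or from the xss-sanitize library: a whitelist sanitizer whose tag predicate and attribute filter are parameters, plus two wrappers that extend the default predicates by a few names the way the description suggests. It is written in Python with only the standard library so it runs stand-alone; the whitelists are a small constructed subset, and the `x-comment` tag and `data-id` attribute are placeholders for the non-standard markup an editor might insert, not CKEditor's actual tag. The point it shows is the one the repository tagline makes: text content is escaped, whitelisted markup is kept, and everything else (including `javascript:` URIs and `on*` handlers) is dropped, even when a custom tag has been added.

```python
"""Whitelist sanitizer with pluggable tag and attribute predicates.

Added example modelling the customisable-whitelist design; not the
xss-sanitize library's own code. All lists below are constructed.
"""
import re
from html import escape
from html.parser import HTMLParser
from typing import Callable, Iterable, Optional, Tuple

Attr = Tuple[str, str]
TagPred = Callable[[str], bool]
AttrFilter = Callable[[Attr], Optional[Attr]]

# Constructed whitelists (a real sanitizer carries a much longer list).
SAFE_TAGS = frozenset({"a", "b", "i", "em", "strong", "p", "ul", "ol", "li",
                       "br", "img", "code", "pre"})
VOID_TAGS = frozenset({"br", "img", "hr"})
SAFE_ATTRS = frozenset({"href", "src", "alt", "title", "class"})
URI_ATTRS = frozenset({"href", "src"})
SAFE_SCHEMES = frozenset({"http", "https", "mailto"})


def safe_tag_name(name: str) -> bool:
    """Default tag predicate: only whitelisted names survive."""
    return name in SAFE_TAGS


def sanitary_uri(value: str) -> bool:
    """Allow relative URIs and absolute ones with a whitelisted scheme.
    Whitespace and control characters are stripped first, so an
    obfuscated 'java\\tscript:' still fails the scheme check."""
    cleaned = "".join(c for c in value if c.isprintable() and not c.isspace()).lower()
    head = re.split(r"[/?#]", cleaned, 1)[0]   # text before any path/query/fragment
    if ":" not in head:
        return True
    return head.split(":", 1)[0] in SAFE_SCHEMES


def sanitize_attribute(attr: Attr) -> Optional[Attr]:
    """Default attribute filter: drop event handlers, unknown names, unsafe URIs."""
    name, value = attr
    if name.startswith("on") or name not in SAFE_ATTRS:
        return None
    if name in URI_ATTRS and not sanitary_uri(value):
        return None
    return name, value


def with_extra_tags(extra: Iterable[str], base: TagPred = safe_tag_name) -> TagPred:
    """Tag predicate accepting `extra` on top of what `base` accepts."""
    names = frozenset(t.lower() for t in extra)
    return lambda name: name in names or base(name)


def with_extra_attrs(extra: Iterable[str], base: AttrFilter = sanitize_attribute) -> AttrFilter:
    """Attribute filter passing `extra` names through, deferring to `base` otherwise."""
    names = frozenset(a.lower() for a in extra)
    return lambda attr: attr if attr[0] in names else base(attr)


class WhitelistSanitizer(HTMLParser):
    """Re-serialises input, keeping only what the two predicates accept.

    Dropped elements keep their (escaped) text; <script>/<style> bodies are
    discarded entirely; comments, doctype and processing instructions vanish.
    """

    def __init__(self, safe_tag: TagPred, attr_filter: AttrFilter):
        super().__init__(convert_charrefs=True)  # attr values/text arrive decoded
        self.safe_tag, self.attr_filter = safe_tag, attr_filter
        self.out: list = []
        self.discard = 0  # > 0 while inside a dropped <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style") and not self.safe_tag(tag):
            self.discard += 1
            return
        if self.discard or not self.safe_tag(tag):
            return
        kept = []
        for name, value in attrs:
            res = self.attr_filter((name, "" if value is None else value))
            if res is not None:
                kept.append(' %s="%s"' % (res[0], escape(res[1], quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ("script", "style") and not self.safe_tag(tag):
            self.discard = max(0, self.discard - 1)
            return
        if self.discard or tag in VOID_TAGS or not self.safe_tag(tag):
            return
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.discard:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass
    def handle_pi(self, data): pass
    def unknown_decl(self, data): pass


def sanitize(html: str, safe_tag: TagPred = safe_tag_name,
             attr_filter: AttrFilter = sanitize_attribute) -> str:
    p = WhitelistSanitizer(safe_tag, attr_filter)
    p.feed(html)
    p.close()
    return "".join(p.out)


# Hypothetical editor markup: allow <x-comment data-id="..."> without
# loosening anything else.
comment_tags = with_extra_tags(["x-comment"])
comment_attrs = with_extra_attrs(["data-id"])
```

With the defaults, `<x-comment data-id="c1">note</x-comment>` collapses to `note`; with `comment_tags`/`comment_attrs` passed to `sanitize` the element survives, while an `onclick` on it or a `<script>` next to it is still removed. Because the attribute filter sees only (name, value) pairs, `data-id` is allowed on every tag, not just `x-comment`; a per-tag rule would need a filter that also receives the tag name.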

ygale commented 6 years ago

Sorry that the PR was a bit premature. It works now. And I added some tests.

ygale commented 6 years ago

@snoyberg Thanks! Done.

ygale commented 6 years ago

@snoyberg AppVeyor seems to be having some trouble, could you please take a look?