Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow data-attributes to pass through AMP sanitizer. #5504

Merged
merged 2 commits into from Oct 11, 2016
Merged

Allow data-attributes to pass through AMP sanitizer. #5504

merged 2 commits into from Oct 11, 2016

Conversation

mkhatib
Copy link
Contributor

@mkhatib mkhatib commented Oct 10, 2016

Fixes #5281

mkhatib
mkhatib commented Oct 10, 2016
View reviewed changes
src/sanitizer.js
@@ -157,6 +161,8 @@ export function sanitizeHtml(html) {
for (let i = 0; i < attribs.length; i += 2) {
if (WHITELISTED_ATTRS.indexOf(attribs[i]) != -1) {
attribs[i + 1] = savedAttribs[i + 1];
} else if (attribs[i].search(WHITELISTED_ATTR_PREFIX_REGEX) == 0) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not entirely sure this needs to be a Regex, but thought might be useful in the future if we need to whitelist more prefixes. However, happy to change this to just a simple indexOf('data-') == 0 check instead for speed. LMK.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is #search?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

String#search

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow! Never used it!

@molnarg
Copy link

molnarg commented Oct 11, 2016

LGTM

dvoytenko
dvoytenko approved these changes Oct 11, 2016
View reviewed changes
src/sanitizer.js
@@ -157,6 +161,8 @@ export function sanitizeHtml(html) {
for (let i = 0; i < attribs.length; i += 2) {
if (WHITELISTED_ATTRS.indexOf(attribs[i]) != -1) {
attribs[i + 1] = savedAttribs[i + 1];
} else if (attribs[i].search(WHITELISTED_ATTR_PREFIX_REGEX) == 0) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow! Never used it!

@mkhatib mkhatib merged commit 05bd051 into ampproject:master Oct 11, 2016
@mkhatib mkhatib deleted the data-attrs-mustache branch October 11, 2016 16:44
dreamofabear pushed a commit to dreamofabear/amphtml that referenced this pull request Oct 12, 2016
@mkhatib
Allow data-attributes to pass through AMP sanitizer. (ampproject#5504)
acb6a35
Lith pushed a commit to Lith/amphtml that referenced this pull request Dec 22, 2016
@mkhatib
Allow data-attributes to pass through AMP sanitizer. (ampproject#5504)
0dac3ec
Lith pushed a commit to Lith/amphtml that referenced this pull request Dec 22, 2016
@mkhatib
Allow data-attributes to pass through AMP sanitizer. (ampproject#5504)
f085b10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jridgewell jridgewell jridgewell left review comments

@dvoytenko dvoytenko dvoytenko approved these changes

Assignees

@dvoytenko dvoytenko

@molnarg molnarg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mkhatib @molnarg @jridgewell @dvoytenko