Skip to content

Fix image captions with colons being stripped by DOMPurify#488

Merged
samuelpecher merged 1 commit intobasecamp:mainfrom
lylo:fix-caption-colon-stripping
Jan 20, 2026
Merged

Fix image captions with colons being stripped by DOMPurify#488
samuelpecher merged 1 commit intobasecamp:mainfrom
lylo:fix-caption-colon-stripping

Conversation

@lylo
Copy link
Contributor

@lylo lylo commented Dec 7, 2025
edited
Loading

DOMPurify validates attribute values against a URI regex unless the attribute is marked as "URI safe". The caption attribute was in ALLOWED_ATTR but not in URI_SAFE_ATTRIBUTES, causing values like "photographer: name" to be stripped because the colon made it look like an unknown protocol scheme.

Adding caption and filename to ADD_URI_SAFE_ATTR prevents this validation, allowing any text content in these attributes.

@lylo lylo mentioned this pull request Dec 7, 2025
Closed
@samuelpecher samuelpecher self-requested a review January 20, 2026 10:14
@samuelpecher
Copy link
Collaborator

samuelpecher commented Jan 20, 2026
edited
Loading

No objections to the principle. We're not using those values except storing them in the rich text.

@packagethief can I get your 👀 on this?

@packagethief
Copy link
Member

packagethief commented Jan 20, 2026

No objections here 👍

@lylo lylo force-pushed the fix-caption-colon-stripping branch from 23a0d1b to 67e4d51 Compare January 20, 2026 16:43
@samuelpecher samuelpecher merged commit 4ec059c into basecamp:main Jan 20, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samuelpecher samuelpecher Awaiting requested review from samuelpecher

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lylo @samuelpecher @packagethief