-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTML code in attributes #965
Comments
Good question, should we add a metatata with the list of the trsted (HTML) attributes? |
Would this be per layer or global? Global had the risk that a user-provided layer could have an attribute with the same name. Per layer, it would be sufficient to flag the whole layer as trusted (I think there would be no need to list each trusted attribute of a layer). For now I would suggest to go with the sanitize-everything approach (see #996). If we see that this causes a problem, we can still introduce a trusted flag in the metadata. |
Per layer, we don't have any global metadata
It's exactly what I say :-)
List of attributes... |
Fixed with #996 |
The HTML code in attributes is not interpreted on mobile.
Example:
<a href="https://github.com/" target="_blank">Cliquer ici</a>
The text was updated successfully, but these errors were encountered: