You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I started a personal web project and decided to use this package rather than the default html/template as it seems like a responsible thing to do, but I am running into an error that I cannot get around without forking the package:
html/template:my.template.html: cannot escape action {{.Url}}: actions
must not occur in the "hx-get" attribute value context of a "li" element
From reading the code is seems that you have hardcoded all potential element-attribute combinations into elementSpecificAttrValSanitizationContext and globalAttrValSanitizationContext/elementContentSanitizationContext and thus the hx-get attribute is disallowed, right?
Is there any reason why it would be unsafe to add a method that allows adding attributes to be considered valid, assuming they are adding using string literals passed to the method that would add them?
If not, seems like a really easy enhancement I could add and create a PR for? Would that be something you would consider allowing?
The text was updated successfully, but these errors were encountered:
I started a personal web project and decided to use this package rather than the default
html/templateas it seems like a responsible thing to do, but I am running into an error that I cannot get around without forking the package:From reading the code is seems that you have hardcoded all potential element-attribute combinations into
elementSpecificAttrValSanitizationContextandglobalAttrValSanitizationContext/elementContentSanitizationContextand thus thehx-getattribute is disallowed, right?Is there any reason why it would be unsafe to add a method that allows adding attributes to be considered valid, assuming they are adding using string literals passed to the method that would add them?
If not, seems like a really easy enhancement I could add and create a PR for? Would that be something you would consider allowing?
The text was updated successfully, but these errors were encountered: