Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTMLSanitizer strips data-* attributes #143

Open
cdent opened this issue Feb 22, 2014 · 0 comments
Open

HTMLSanitizer strips data-* attributes #143

cdent opened this issue Feb 22, 2014 · 0 comments
Labels
sanitizer

Comments

@cdent
Copy link

cdent commented Feb 22, 2014

Since the whitelist process is list-of-strings oriented, it will reject custom data-* attributes that are being used.

The hack to change it is described here:

https://github.com/rubys/venus/pull/19/files#diff-dcd60d82836175427dfbdf792aa976ecL172

I'm fairly certain that data-* is "safe" so it seems like there should be some way to keep it.

BTW: I looked and looked to see if this issue was already discussed somewhere (given the above link, I figured it would be) but I couldn't find it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
sanitizer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cdent @gsnedders