Skip to content

Commit

Permalink
Add picture to allowlist of elements that do not need attributes to r…
Browse files Browse the repository at this point in the history
…esolve #161
  • Loading branch information
grafana-dee committed Jan 28, 2023
1 parent 1ee3c12 commit ef72ac8
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 0 deletions.
1 change: 1 addition & 0 deletions policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -879,6 +879,7 @@ func (p *Policy) addDefaultElementsWithoutAttrs() {
p.setOfElementsAllowedWithoutAttrs["optgroup"] = struct{}{}
p.setOfElementsAllowedWithoutAttrs["option"] = struct{}{}
p.setOfElementsAllowedWithoutAttrs["p"] = struct{}{}
p.setOfElementsAllowedWithoutAttrs["picture"] = struct{}{}
p.setOfElementsAllowedWithoutAttrs["pre"] = struct{}{}
p.setOfElementsAllowedWithoutAttrs["q"] = struct{}{}
p.setOfElementsAllowedWithoutAttrs["rp"] = struct{}{}
Expand Down
34 changes: 34 additions & 0 deletions sanitize_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3931,3 +3931,37 @@ func TestRemovingEmptySelfClosingTag(t *testing.T) {
expected)
}
}

func TestIssue161(t *testing.T) {
// https://github.com/microcosm-cc/bluemonday/issues/161
//
// ```
// p.AllowElementsMatching(regexp.MustCompile(`^custom-`))
// p.AllowNoAttrs().Matching(regexp.MustCompile(`^custom-`))
// ```
// This does not work as expected. This looks like a limitation, and the
// question is whether the matching has to be applied in a second location
// to overcome the limitation.
//
// However the issue is really that the `.Matching()` returns an attribute
// test that has to be bound to some elements, it isn't a global test.
//
// This should work:
// ```
// p.AllowNoAttrs().Matching(regexp.MustCompile(`^custom-`)).OnElementsMatching(regexp.MustCompile(`^custom-`))
// ```
p := UGCPolicy()
p.AllowElements("picture", "source")
p.AllowAttrs("srcset", "src", "type", "media").OnElements("source")

input := `<picture><source src="b.jpg" media="(prefers-color-scheme: dark)"></source><img src="a.jpg"></picture>`
out := p.Sanitize(input)
expected := input
if out != expected {
t.Errorf(
"test failed;\ninput : %s\noutput : %s\nexpected: %s",
input,
out,
expected)
}
}

0 comments on commit ef72ac8

Please sign in to comment.