You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I have a custom web component in my HTML, it is deleted by the sanitizer even though the rule p.AllowElementsMatching(regexp.MustCompile("^custom-")) is defined.
It's deleted because allowNoAttrs matches.
A rule like p.AllowNoAttrs().Matching(regexp.MustCompile("^custom-")) is also ignored here, because in
func (p *Policy) allowNoAttrs(elementName string) bool { in sanitize.go
only the static map p.setOfElementsMatchingAllowedWithoutAttrs is iterated through and the matching is ignored.
My input looks like this:
<h1id="headline-1">Headline 1</h1><p>Some text</p><p>
Some More Text
</p><custom-component>
Some Component
</custom-component>
The problem is that the .Matching() returns an attributeBuilder and that needs to be bound to a set of elements to test, so merely adding .OnElements() or .OnElementsMatching() resolves this.
I've added a test anyway, because examples are good and complex behaviour is where regressions may occur and I'll catch that if it does regress.
If I have a custom web component in my HTML, it is deleted by the sanitizer even though the rule
p.AllowElementsMatching(regexp.MustCompile("^custom-"))
is defined.It's deleted because allowNoAttrs matches.
A rule like
p.AllowNoAttrs().Matching(regexp.MustCompile("^custom-"))
is also ignored here, because infunc (p *Policy) allowNoAttrs(elementName string) bool {
insanitize.go
only the static map
p.setOfElementsMatchingAllowedWithoutAttrs
is iterated through and the matching is ignored.My input looks like this:
The policy
makes it
However, if I use
and adding the p.AllowNoAttrs() to a static element, then I get the correct output:
The text was updated successfully, but these errors were encountered: