Is it an acceptable practice to provide a custom list implementation in place of a static array to achieve a custom allow/deny decision? The code below works as expected:
That's a clever solution, but I wouldn't recommend this.
While I don't foresee Sanitize changing anytime soon in a way that would break this, I consider the call to include? an internal implementation detail and not part of the public API contract, so there's no guarantee this won't break in a semver minor or patch release.
It might be a little more complicated, but I think the best way to do this is with a dedicated transformer like the GitLab solution. That said, if you prefer the solution above and are willing to accept the risk of breakage, I won't stop you!
We want to achieve similar <a href=...> link sanitization behavior like GitLab, whose devs decided to allow any protocol and implement a dedicated transformer instead. Which seems too complex and error-prone for our rather simple use case (Redmine CommonMark formatter). But I haven't found anything in the Sanitize docs that would make me feel safe about relying on the include?() contract.
Based on your answer, I can submit a documentation PR eventually. And thanks for this great library btw. :)
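The dedicated-transformer route recommended in the answer, as an added example (not code from this thread, Sanitize or GitLab): the allow/deny decision lives in its own object and a transformer strips any `href` it rejects. `HrefPolicy`, `href_transformer`, the scheme list and the `intranet.example` rule are hypothetical; it assumes, as the post says of GitLab, that the `a`/`href` protocol restriction is left out of the Sanitize config so this transformer is the only gate.

```ruby
# Added example. HrefPolicy and href_transformer are hypothetical names.
class HrefPolicy
  SCHEME = /\A([a-z][a-z0-9+.\-]*):/i

  # allowed_schemes: e.g. %w[http https mailto]
  # extra: optional block (scheme, url) -> true/false for site-specific rules
  def initialize(allowed_schemes, &extra)
    @allowed = allowed_schemes.map(&:downcase)
    @extra = extra
  end

  # True when the href may stay on the element.
  def allow?(raw)
    # Browsers drop leading whitespace and embedded tab/CR/LF before parsing
    # a URL, so "java\tscript:" must be judged as "javascript:". Removing all
    # control characters and spaces first is deliberately conservative.
    url = raw.to_s.scrub.gsub(/[\x00-\x20]+/, '')
    scheme = url[SCHEME, 1]
    return true if scheme.nil? # no scheme: relative URL
    scheme = scheme.downcase
    return false unless @allowed.include?(scheme)
    @extra ? !!@extra.call(scheme, url) : true
  end
end

# Builds a transformer: a callable that Sanitize invokes for every node with
# an env hash containing :node (a Nokogiri node) and :node_name.
def href_transformer(policy)
  lambda do |env|
    node = env[:node]
    return unless env[:node_name] == 'a' && node['href']
    node.delete('href') unless policy.allow?(node['href'])
    nil # allowlist nothing here; Sanitize's own element filters still run
  end
end

# Constructed policy: http only toward one internal host, https and mailto anywhere.
POLICY = HrefPolicy.new(%w[http https mailto]) do |scheme, url|
  scheme != 'http' || url.start_with?('http://intranet.example/')
end

# Wiring it in (needs the sanitize gem, so left as a comment):
#   Sanitize.fragment(html, base_config.merge(transformers: [href_transformer(POLICY)]))
# where base_config is your own config without a protocol list for a/href.
```

Because the decision is made through the documented transformer interface, it does not depend on how Sanitize queries its protocol list internally.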