Not really sure if this has been requested before, or if it even makes sense to do so, but is it at all possible to expose the functions from sanitize.js as something that can be called when using bootstrap.js?
Why?
I help maintain the Bootbox library, which creates Bootstrap modals on the fly. One of the features we've had pretty much from the beginning was the ability to use HTML in the message and title you wanted to show to the user. Something like:
bootbox.alert({
    title: 'I have <b>Something Important</b> to say:',
    message: 'I AM A <i>BANANA</i>!'
})
That's all well and good, and works as intended, but apparently kids these days expect small libraries to work like the React and Angular frameworks, and protect them from themselves by automatically sanitizing input (see bootboxjs/bootbox#661). We use jQuery's html() function to allow the aforementioned styled messages, so now it's (apparently) become an issue (the npm package is marked as containing a vulnerability). I don't want to add an external dependency beyond Bootstrap, and I see that you have sanitizing built into tooltips and popovers. It would be great to just be able to call into sanitizeHtml() inside Bootbox, but I haven't found that to be possible. Then again, I'm not a JavaScript expert, so I wouldn't be surprised if it's already possible. If so, could that be documented somewhere (even if it's just a few pointers here prior to closing this issue)?
I'm not really in favor of sharing our sanitizeHtml method, because it's a very simple sanitizer; people who need a real sanitizer should use something like DOMPurify.
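Added example, not part of this thread and not Bootbox, Bootstrap or DOMPurify code: one way a caller can keep its own markup in a Bootbox title or message while neutralizing untrusted values before they reach jQuery's html(). The names escapeHtml, safeHtml, sanitizeMarkup and buildAlert are hypothetical, and the code assumes DOMPurify, when used, is loaded as a browser global.

```javascript
// Added example. Helper names are hypothetical; sample inputs are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Turn any value into text that is inert when parsed as HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are the developer's trusted markup,
// every interpolated value is treated as untrusted text and escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// For untrusted input that must keep some markup, escaping is not enough:
// hand it to a real sanitizer. If none is available, fail closed and
// render the input as plain text instead of passing it through.
function sanitizeMarkup(html, purifier = globalThis.DOMPurify) {
  if (!purifier || typeof purifier.sanitize !== 'function') {
    return escapeHtml(html);
  }
  return purifier.sanitize(html);
}

// Build the options object for bootbox.alert() from two untrusted values:
// a display name (plain text) and a comment that may contain markup.
function buildAlert(userName, userComment, purifier = globalThis.DOMPurify) {
  return {
    title: safeHtml`Message from <b>${userName}</b>:`,
    message: sanitizeMarkup(userComment, purifier)
  };
}

// In the browser, with Bootbox (and optionally DOMPurify) loaded:
//   bootbox.alert(buildAlert(nameFromServer, commentFromServer));
```

Without a sanitizer present, the comment is shown as literal text rather than rendered, which is the safe default for a dialog library that passes its options to html().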