insane
:pouting_cat: Lean and configurable whitelist-oriented HTML sanitizer
Please refer to my fork: https://github.com/angstone/insane I added an easy option that makes it more useful to a project of mine. I believe it is also useful for other projects. Please...
```js
insane(dirty, {
  "allowedTags": [ "svg", "path" ],
  "allowedAttributes": {
    "svg": ["width", "height", "viewBox", "preserveAspectRatio"],
    "path": ["d"]
  },
})
```

result:

```
```

> viewBox and preserveAspectRatio are blank
As mentioned in #6
Hello, The [GitHub Security Lab team](https://securitylab.github.com/) has found a potential vulnerability in your project. Please create a [Security Advisory](https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/creating-a-security-advisory) and invite me in to further disclose and discuss the vulnerability...
```js
insane('');
```

You'll get a `TypeError: Cannot read property 'split' of undefined` in `sanitizer.js` from:

```js
if (lkey === 'class' && attrsOk.indexOf(lkey) === -1) {
  value = value.split(' ').filter(isValidClass).join(' ').trim();...
```
UPDATED
Hi, great job with this library! Seems like the most recent release is not properly published at npm. I discovered this because the following doesn't work:

```
allowedAttributes: { '*':...
```
Clarify that `allowedTags` doesn't whitelist all attributes in tags listed here by default.
I thought the behaviour for these cases was unintuitive.