ammonia icon indicating copy to clipboard operation
ammonia copied to clipboard

Published 20 hours ago verified publisher icon rust-ammonia

'html', 'head' and 'body' tags are stripped out even if these are included in the whitelisted tags

Open Muntaner opened this issue 1 year ago • 3 comments

Minimal example:

    use maplit::hashset;

    let html = "<html><head>head content</head><body><div>test</div></body></html>";

    let tags = hashset!["html", "head", "body"];

    let mut b = ammonia::Builder::default();

    b.add_tags(tags);

    let clean_html = b.clean(html).to_string();
    println!("{}", clean_html);

Output: head content<div>test</div> Expectation: <html><head>head content</head><body><div>test</div></body></html>

Am I overlooking some setting?

Muntaner avatar Jul 05 '23 11:07 Muntaner

Same thing for some other tags, like strong. Any help?

medihack avatar Jul 27 '23 09:07 medihack

html, head, and body are more-or-less expected. The HTML is parsed as-if it was a div's innerHTML.

strong shouldn't do that. Can you open a separate issue with a minimized code example?

notriddle avatar Jul 27 '23 14:07 notriddle

html, head, and body are more-or-less expected. The HTML is parsed as-if it was a div's innerHTML.

Does this mean that it is working as designed (I doubt that, due to the "more-or-less") or is there any plan to support such tags?

Imho it could be very useful. Right now passing a full fledged HTML doc to the library for sanitization is basically unsupported, since it would "break" the original doc.

Muntaner avatar Jul 30 '23 12:07 Muntaner