I'm using Sanitize to do basic filtering of user HTML input on a system using Bootstrap 5. A user can, for instance, decide to add a modal function from Bootstrap: https://getbootstrap.com/docs/5.0/components/modal/. First, `Sanitize::Config::RELAXED` does not permit button tags, but that's an easy fix. However, Bootstrap now uses `data-bs-*` for their attributes, and `data-bs-*` is not a permitted selector in Sanitize. At the moment I've come up with this:
This covers most of the Bootstrap `data-bs-` attributes, but I'm sure more will be discovered, so it would be much nicer to just permit `data-bs-*` to permit them all.
The easiest way to achieve this would be to allow all `data-` attributes. You can do this by adding `:data` to the list of allowed attributes:

```ruby
{
  all: Sanitize::Config::RELAXED[:attributes][:all] + [:data]
}
```

If you'd rather not allow all arbitrary `data-` attributes and would instead prefer to only allow attributes beginning with `data-bs-`, you could do this by writing a custom transformer.
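
One way to write the transformer mentioned in the reply above, as an added example that is not part of the original thread or of Sanitize's own code. It keeps `:data` in the allowlist and strips every `data-` attribute that is not a well-formed `data-bs-*` name; the names `BS_DATA_ATTR`, `BS_DATA_ONLY` and `bootstrap_clean` are hypothetical, and allowing `button` is an assumption taken from the question.

```ruby
# Added example. Needs the sanitize gem, loaded lazily in bootstrap_clean so
# the transformer itself can be read and unit-tested without it.

# Only names of the form data-bs-<something> survive (hypothetical pattern).
BS_DATA_ATTR = /\Adata-bs-[a-z][a-z0-9-]*\z/

# Sanitize calls each transformer with an env hash for every node it visits.
# Custom transformers run before Sanitize's built-in element cleaner, so any
# attribute unlinked here is gone before the attribute allowlist is applied.
BS_DATA_ONLY = lambda do |env|
  node = env[:node]
  return unless node.element?

  node.attribute_nodes.each do |attr|
    name = attr.name.downcase
    next unless name.start_with?("data-")   # non-data attributes: left to Sanitize
    attr.unlink unless name.match?(BS_DATA_ATTR)
  end
  nil # a non-Hash return value tells Sanitize to keep processing normally
end

# Hypothetical helper: RELAXED plus <button>, :data, and the transformer.
def bootstrap_clean(html)
  require "sanitize"
  relaxed = Sanitize::Config::RELAXED
  config = Sanitize::Config.merge(
    relaxed,
    elements: relaxed[:elements] + ["button"],
    attributes: { all: relaxed[:attributes][:all] + [:data] },
    transformers: [BS_DATA_ONLY]
  )
  Sanitize.fragment(html, config)
end
```

Because `:data` is still required for Sanitize to keep any `data-` attribute, the transformer only narrows that allowance; everything else (event handlers, unknown elements) is still removed by the RELAXED rules.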