whiteList does nothing #247
Comments
chladnefazole
changed the title
|
Hi, @chladnefazole please try this example code: var dirtyHtml =
'<!doctype html><head><meta charset="utf-8" name="xx" content="yy"><title>Test</title><style></style></head><body class="aa"><footer></footer><div></div></body>';
var sanitizerOptions = {
whiteList: {
"!doctype": ["html"],
meta: ["name", "content", "charset"],
html: ["lang"],
style: [],
head: [],
title: [],
body: ["class"],
footer: [],
},
};
var cleanHtml = filterXSS(dirtyHtml, sanitizerOptions);
console.log(cleanHtml);we can get the following result: <!doctype html><head><meta charset="utf-8" name="xx" content="yy"><title>Test</title><style></style></head><body class="aa"><footer></footer><div></div></body> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have whitelist:
But
style, head, body, htmltags are all being escaped still.table, tr, td, tbody, p, h1, h2tags are not escaped. Basically, the list does nothing at all.I am using the library via a CDN and therefore I'm calling the function like so:
var cleanHtml = filterXSS(dirtyHtml, sanitizerOptions);The text was updated successfully, but these errors were encountered: