I9421 v-pkp-allowed-html #320
Conversation
src/directive/allowedHtml.js
Outdated
| const allowed_html = | ||
| 'a[href|target|title],em,strong,cite,code,ul,ol,li[class],dl,dt,dd,b,i,u,img[src|alt],sup,sub,br,p'; |
There was a problem hiding this comment.
I guess this will be fed from the back end later, but just flagging to not be forgotten 😁
There was a problem hiding this comment.
@jonasraoni I was wondering whether it is worth it... but its probably quite easy.. will add it..
There was a problem hiding this comment.
Actually.. now I realised that it has to be passed as its something people might want customise..
| // DOMPurify does not support defining tags along with attributes, its separate lists | ||
| // https://github.com/cure53/DOMPurify/issues/272 |
There was a problem hiding this comment.
There's a sample implementation here (I just skimmed the code, and it seems to be ok):
https://www.linkedin.com/feed/update/urn:li:activity:7034210540885282816/
There was a problem hiding this comment.
@jonasraoni Thanks, I have seen it. But I don't think it makes that much of the difference as its meant to be for security rather than for validation. And customising it also requires more in depth testing (ideally creating some test coverage) and also check performance characteristics.
No description provided.