feat(ngSanitize): add $sanitizeExt factory #6252
Conversation
Thanks for the PR! Please check the items below to help us merge this faster. See the contributing docs for more information.
If you need to make changes to your pull request, you can update the commit with Thanks again for your help!
I don't understand the errors in the Travis CI build. It looks completely unrelated to the code changes. Is there a way to run the build again to see if it was an issue with the build environment?
Don't worry about the CI builds right now; we're getting a lot of flakiness from the SL browsers right now, which is causing failures. https://travis-ci.org/angular/angular.js/builds/18846911 doesn't look like a huge problem.
Nice work on raising the PR! Just wondered why you went for methods to extend the whitelist, instead of allowing the whitelist to be completely overridden as per your previous suggestion? I would prefer it if we allowed the consumer to override the whitelist because they might need to remove a default item.
Having one method that overrides the entire whitelist seemed too bulky, as it would require passing in the entire list of tags/attributes. These methods also update more than one internal list, so you'd have to supply a method for each list. If you want to have the ability to remove tags/attributes, I'd suggest just adding "remove" methods instead.
I'm wary of having methods to add/remove, because if we change the default whitelist in a future update, it might negate any work the consumer has done to change the whitelist. I'm not sure this is a problem in all honesty, just wondering if it could make for some painful upgrades for users.
Any updates on this one? It doesn't look like it's been assigned or assigned to a milestone. I'd like to have this feature in Angular so that I can use it in my product instead of having to recreate the ngSanitize module on my own.
Add $sanitizeExt factory to allow extension of the $sanitize element and attribute whitelists. This allows for unsupported, standard elements and attributes, as well as custom elements and attributes. Closes angular#5900
I've tried making small tweaks and committing several times to get the build to succeed once, but I'm getting all sorts of random errors from NPM install failing to Selenium timing out. Obviously, none of those are specific to the changes in this PR.
I still think this needs a way of removing elements, preferably as per my suggestion: #6252 (comment)
Whilst this remains not configurable, I am implementing my own sanitizer using html-janitor:

```javascript
// Marks a string as trusted HTML for ng-bind-html (no sanitization at all).
sbscribe.filter('unsafe', function ($sce) {
  return function (val) {
    return $sce.trustAsHtml(val);
  };
});

// FIXME: Actually use `ngSanitize`
// https://github.com/angular/angular.js/issues/5900
// https://github.com/angular/angular.js/issues/6218
// https://github.com/angular/angular.js/pull/6252
// TODO: Not exhaustive?
var janitor = new HtmlJanitor({
  // Whitelist: only these tags (and, for <a>, only href) survive cleaning
  tags: {
    p: {},
    code: {},
    pre: {},
    // TODO: Map b => strong
    strong: {},
    b: {},
    // TODO: Map em => i
    em: {},
    i: {},
    // TODO: Map strike => del
    strike: {},
    del: {},
    a: { href: true },
    ul: {},
    ol: {},
    li: {},
    blockquote: {},
    h1: {},
    h2: {},
    h3: {},
    h4: {},
    h5: {},
    h6: {},
    sub: {},
    sup: {}
  }
});

// Clean with the janitor first, then mark the result as trusted HTML.
sbscribe.filter('sanitize', function (unsafeFilter) {
  return function (val) {
    return unsafeFilter(janitor.clean(val));
  };
});
```
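The discussion above is about which elements and attributes a whitelist-based sanitizer lets through, and the closing comment warns that whitelisting extra elements is risky. As an added example (not code from the PR, from ngSanitize, or from the commenter above), the following minimal allowlist sanitizer in plain JavaScript shows why extending a whitelist is more than adding names: an allowed element still needs a per-attribute value policy (event-handler attributes are dropped, `href` must pass a URL-scheme check), and `script`/`style` bodies are removed rather than escaped. The `ALLOWED` table, the `safeUrl` policy and the tokenizer regexes are my own assumptions for illustration, not the implementation of ngSanitize or html-janitor.

```javascript
// Added example, not part of the PR or of ngSanitize: a minimal allowlist-based HTML sanitizer.
// ALLOWED maps element name -> { attribute name -> value policy }. 'url' means the value must
// pass safeUrl(); any attribute not listed for an element is dropped (onclick, style, ...).
const ALLOWED = {
  p: {}, b: {}, strong: {}, em: {}, i: {}, code: {}, pre: {},
  ul: {}, ol: {}, li: {}, blockquote: {},
  a: { href: 'url' }
};
// Elements whose whole body is removed, not merely unwrapped.
const DROP_WITH_CONTENT = new Set(['script', 'style']);
// Sticky regex: a tag starting exactly at lastIndex. Groups: 1 = "/" for closing tags,
// 2 = element name, 3 = raw attribute text.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z][\w:-]*(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*\/?>/y;
// One attribute: name, then an optional double-quoted, single-quoted or bare value.
const ATTR_RE = /([a-zA-Z][\w:-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Accept relative URLs (no scheme) and the http, https and mailto schemes only.
// Control characters and whitespace are stripped first so "java\nscript:" cannot hide the scheme.
function safeUrl(value) {
  const v = value.replace(/[\u0000-\u0020\u007f]/g, '');
  const scheme = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(v);
  return scheme === null || /^(https?|mailto)$/i.test(scheme[1]);
}

function sanitize(html) {
  let out = '';
  const open = [];            // stack of emitted open tags, so the output is always balanced
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') {    // text run: escape and copy through
      const next = html.indexOf('<', i);
      const end = next === -1 ? html.length : next;
      out += escapeHtml(html.slice(i, end));
      i = end;
      continue;
    }
    TAG_RE.lastIndex = i;
    const m = TAG_RE.exec(html);
    if (m === null) { out += '&lt;'; i += 1; continue; }   // a stray '<' is just text
    i = TAG_RE.lastIndex;
    const name = m[2].toLowerCase();
    const closing = m[1] === '/';
    if (DROP_WITH_CONTENT.has(name)) {
      if (!closing) {         // skip everything up to and including the matching close tag
        const closeRe = new RegExp('</' + name + '\\s*>', 'gi');
        closeRe.lastIndex = i;
        i = closeRe.exec(html) === null ? html.length : closeRe.lastIndex;
      }
      continue;
    }
    const policy = ALLOWED[name];
    if (policy === undefined) continue;   // unknown element: tag dropped, its text content kept
    if (closing) {
      const depth = open.lastIndexOf(name);
      if (depth === -1) continue;         // close tag without a matching open: ignored
      while (open.length > depth) out += '</' + open.pop() + '>';
      continue;
    }
    out += '<' + name;
    for (const a of m[3].matchAll(ATTR_RE)) {
      const attr = a[1].toLowerCase();
      const rule = policy[attr];
      if (rule === undefined) continue;                    // not allowlisted for this element
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (rule === 'url' && !safeUrl(value)) continue;     // e.g. javascript: URLs are dropped
      out += ' ' + attr + '="' + escapeHtml(value) + '"';
    }
    out += '>';
    open.push(name);
  }
  while (open.length) out += '</' + open.pop() + '>';     // close anything left open
  return out;
}

// Constructed sample inputs (not from the thread) showing each policy in action.
if (typeof require !== 'undefined' && require.main === module) {
  for (const input of [
    '<p>Hi <b>there</b></p>',
    '<img src=x onerror=alert(1)>',
    '<a href="javascript:alert(1)">x</a>',
    '<a href="https://example.com" onclick="evil()">x</a>',
    '<script>alert(1)</script>ok'
  ]) console.log(JSON.stringify(input), '->', JSON.stringify(sanitize(input)));
}
```

The tokenizer is deliberately simple so the allowlist logic stays visible; the point it makes is that each element added to the whitelist carries its own attribute rules, which is exactly the information a bare list of tag names (or a single "override the whole list" call) does not capture. Note that protocol-relative URLs (`//host/path`) count as relative here and pass `safeUrl`; tighten that policy if the deployment needs to.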
This PR is shortly to become outdated when @IgorMinar's PR #12524 lands. In any case we should be configuring the sanitizer via its provider. I am going to close this PR. If you still want to be able to whitelist specific elements, which we would not recommend unless you really know what you are doing, then please put together another PR once #12524 lands.
Browser: Chrome
Component: misc core
Regression: no