Originally posted by beargiles November 15, 2024
Applications have defined custom attributes for a long time, e.g., `aria-*`, and with HTML5 (iirc) there's now an official standard to recognize `data-*` as a valid attribute. For example `aria-xyz` should become `data-aria-xyz`.
It's not practical to add all possible attributes - it's an undefined list - and we don't want to specify `:all` since that will include everything. The best solution appears to be adding an optional list of `java.text.Pattern` objects to the `Safelist` and adding a check for matches.
I propose adding both per-tag and global attribute wildcards.
Code to follow.
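
An added sketch of the check proposed above, not beargiles's code and not part of jsoup's API: a stand-alone model of per-tag and global attribute-name patterns. The class and method names are hypothetical, the sample tag/attribute pairs are constructed, and it uses the JDK's `java.util.regex.Pattern`.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical model of the proposal; none of these names exist in jsoup.
public class AttributePatternAllowlist {
    private final List<Pattern> global = new ArrayList<>();
    private final Map<String, List<Pattern>> perTag = new HashMap<>();

    public AttributePatternAllowlist addGlobal(String regex) {
        global.add(Pattern.compile(regex));
        return this;
    }

    public AttributePatternAllowlist addForTag(String tag, String regex) {
        perTag.computeIfAbsent(normalize(tag), t -> new ArrayList<>())
              .add(Pattern.compile(regex));
        return this;
    }

    // HTML tag and attribute names are ASCII case-insensitive: compare lowercased.
    private static String normalize(String name) {
        return name.toLowerCase(Locale.ROOT);
    }

    public boolean isAllowed(String tag, String attr) {
        String name = normalize(attr);
        List<Pattern> candidates = new ArrayList<>(global);
        candidates.addAll(perTag.getOrDefault(normalize(tag), List.of()));
        for (Pattern p : candidates) {
            // matches() anchors the whole name; find() would accept any
            // attribute that merely contains an allowed fragment.
            if (p.matcher(name).matches()) return true;
        }
        return false; // default deny: unmatched attributes are dropped
    }

    public static void main(String[] args) {
        AttributePatternAllowlist allow = new AttributePatternAllowlist()
            .addGlobal("data-[a-z0-9-]+")          // global wildcard
            .addForTag("button", "aria-[a-z]+");   // per-tag wildcard
        String[][] samples = {                      // constructed inputs
            {"div", "data-aria-xyz"}, {"button", "aria-label"},
            {"div", "aria-label"}, {"DIV", "DATA-ID"},
            {"div", "onclick"}, {"div", "xdata-id"}, {"div", "data-"}
        };
        for (String[] s : samples) {
            System.out.printf("<%s %s> allowed=%b%n", s[0], s[1], allow.isAllowed(s[0], s[1]));
        }
    }
}
```

The check covers attribute names only; attribute values still need whatever value or protocol checks apply to them.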
Discussed in #2224