Base list of allowed HTML tags and attributes on the Ammonia defaults #1872

Closed
smarnach opened this issue Oct 16, 2019 · 1 comment · Fixed by #1876
Labels
A-readme C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works E-help-wanted

Comments

@smarnach
Contributor

Our readme renderer uses Ammonia to sanitise the HTML. We currently explicitly list all HTML tags and attributes we allow in the source code. To simplify this code, and to allow some additional safe attributes we currently don't allow, we could rely on Ammonia's defaults instead, and add any additional items we may need.

Suggested steps:

  • Consider upgrading to the latest Ammonia release.
  • Compare the list of currently allowed tags in crates.io to the defaults in Ammonia.
  • Update the code in MarkdownRenderer::new() (linked above) to only add these additional tags to the defaults.
smarnach added the C-enhancement ✨ (Category: Adding new behavior or a change to the way an existing feature works), E-help-wanted, P-low and A-readme labels Oct 16, 2019
@AZanellato
Contributor

I can try this 😄

bors added a commit that referenced this issue Oct 29, 2019
Ammonia 3.0 upgrade

Closes #1872.

I have followed the instructions on the issue. Basically removing that list of allowed elements and relying on ammonia to do the job and also upgrading ammonia to 3.0.
bors closed this as completed in 986d3bf Oct 30, 2019