Does wildcard applies to items in list or applies to all possible items with those attributs?

Question

Does wildcard applies to items in list or applies to all possible items with those attributs?

Closed this issue 4 years ago · 1 comments

In one of the example this is mentioned to whitelist tags:

HTML.Allowed: |
                    *[id|class|name],
                    a[href|title|rel|target],
                    img[src|alt|height|width],
                    h1,u,ul,ol,li,strong

Does *[id|class|name], implies that all elements that contains id,class,name are allowed? For example a div element (which is not in the list), but with a id attribute is allowed?

Answer 1 · 2020-11-17T14:22:04.000Z

Hello @vincentcox, actually the wildcard attributes is a convenient shortcut to allow attributes on all allowed elements. In this case "id", "class" and "name" are only allowed for the following declared elements, and not "div".
See http://htmlpurifier.org/live/configdoc/plain.html#HTML.Allowed for the library docs reference that this bundle is wiring.

In the meanwhile I'm closing here, don't hesitate to reopen if this does not work as intended. Thanks!