Tinkoff/utils.js

Sanitize supports only one tag

ch1ller0 opened this issue · 6 comments

Whether it was made intentionally or not, src/sanitize.js supports only one <em> tag. Are you planning to add some more important tags (i.e. <script>) or, better yet, let a developer himself pass a regex as an argument?

I suppose there should also be some support for tags with attributes, i.e. <em data-foo='bar'> will not be properly sanitized, as the opening tag doesn't match /<em>|<\/em>/g.

The purpose of this utility is unclear. Maybe we should remove it instead of trying to build yet another sanitizing engine.

I think it would be a nice little feature over the ramda/lodash libraries. To the best of my knowledge, only lodash has some sort of 'sanitizing engine' (https://lodash.com/docs/#escape), but it works a little bit differently.

@Tom910 we really need a third opinion =)

We already have string/escape, and building another sanitize tool will be overkill for the library's purpose, so I'd better remove it altogether.
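The gap discussed in this thread, as an added example that is not part of the issue or of the utils.js code base: it lists which tag-like tokens the quoted pattern `/<em>|<\/em>/g` fails to recognise, and shows that escaping leaves no tags to classify at all. Only that pattern comes from the thread; `TAG_LIKE`, `tagsMissedByPattern` and `escapeHtml` are hypothetical names, and `escapeHtml` is a generic entity escape, not the library's string/escape.

```javascript
// Pattern quoted in the issue: matches only the bare <em> and </em> tags.
const EM_ONLY = /<em>|<\/em>/g;

// Hypothetical helper pattern: rough match for anything shaped like an HTML tag.
const TAG_LIKE = /<\/?[a-zA-Z][^>]*>/g;

// Returns the tag-like tokens in `input` that EM_ONLY does not fully match,
// i.e. the markup a sanitizer built on that pattern would never see.
function tagsMissedByPattern(input) {
  const tags = input.match(TAG_LIKE) || [];
  return tags.filter((tag) => {
    const m = tag.match(EM_ONLY);
    return !(m && m.length === 1 && m[0] === tag);
  });
}

// Generic escape (assumption, not the project's implementation): every
// markup-significant character becomes an entity, so no tag survives.
function escapeHtml(input) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return input.replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Constructed sample inputs, including the attribute case from the thread.
const samples = [
  '<em>plain</em>',
  "<em data-foo='bar'>with attribute</em>",
  '<EM>upper case</EM>',
  '<script>other tag</script>',
];

for (const sample of samples) {
  const escaped = escapeHtml(sample);
  console.log(JSON.stringify({
    sample,
    missed: tagsMissedByPattern(sample),
    escaped,
    missedAfterEscape: tagsMissedByPattern(escaped),
  }));
}
```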