lekoala/bootstrap5-tags

filter for bad characters

Closed this issue · 4 comments

Hi,
it's possible to enter "code" in the tag input, which is executed instantly.
As an example input:

><img src=a onerror="alert('BAM!')">

So I'd like to filter such stuff on input.
I tried with onCanAdd - it helps a little
I tried with onCreateItem - seems the wrong direction

What should be the right way to do it?

I guess you are right, that makes for a bad default
This should do it :)
https://github.com/lekoala/bootstrap5-tags/releases/tag/1.7.0

Thx Koala!
Great work again! That's what I would prefer - the soft sanitizing.

But I was forced to sanitize harder - remove all "bad" characters.
I can change the sanitize method or maybe better I could override the onRenderItem event to the desired behavior.

onRenderItem: (item, label, inst) => {
  if (!inst.config("allowHtml")) {
    return sanitize(label);
  }
  return label;
},

Oh - the override only worked for the loaded labels - not for the newly created options
Overwriting sanitize worked, of course!

What do you think?

Oh, I see
I added an "inputFilter" callback and you can also customize the sanitizer now
https://github.com/lekoala/bootstrap5-tags/releases/tag/1.7.1

That's all I dreamed of!
Very nicely customizable. I don't have to change the lib itself.
Thx!
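
The two approaches discussed in this thread, escaping the label ("soft") versus removing every character outside an allowlist ("hard"), shown side by side as an added example; this is not code from bootstrap5-tags or from the posters. The function names are hypothetical, and wiring them into the library's inputFilter callback or sanitizer is left out because the thread does not show those signatures.

```javascript
// Added example (not library code). Function names are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// "Soft" sanitizing: keep everything the user typed, but encode the
// characters that carry meaning in HTML so the label is rendered as text.
function escapeHtml(label) {
  return String(label).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Hard" sanitizing: allowlist filter. Keeps Unicode letters, digits,
// space, underscore, dot and hyphen; everything else is dropped.
// NFKC normalization runs first so compatibility forms (e.g. fullwidth
// angle brackets) are folded to ASCII and then removed by the same rule.
function stripToAllowlist(input) {
  return String(input)
    .normalize("NFKC")
    .replace(/[^\p{L}\p{N} _.-]/gu, "")
    .replace(/\s+/g, " ")
    .trim();
}

// Inputs: the string from the issue report and a constructed benign tag.
const REPORTED_INPUT = `><img src=a onerror="alert('BAM!')">`;
const BENIGN_TAG = "Müller & Söhne"; // constructed sample

// Returns both treatments for one input so the trade-off is visible:
// escaping preserves the text, the allowlist changes it.
function compare(input) {
  return { soft: escapeHtml(input), hard: stripToAllowlist(input) };
}

console.log(compare(REPORTED_INPUT));
console.log(compare(BENIGN_TAG));
```

Escaping only protects labels that are written into an HTML text or quoted-attribute context; the allowlist variant is lossy by design, as the benign tag shows.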