v3.4.1 data attributes are removed from links
yoLotus opened this issue · 4 comments
Hello,
I'm using bootstrap-sass
in a rails project and I write in a view something like:
<%= link_to "link name",
foo_path
class: 'btn btn-primary',
remote: true,
data: {bar: true}
%>
Since the update of the gem to version 3.4.1
, the commit 69157ce seems to sanitize the links and remove the date-remote
and data-bar
attributes from the a
tag, something like that will be render:
<a class="btn btn-primary" href="/foo">link_name</a>
I wonder if it a bug from bootstrap-sass
(should data-*
attributes be really removed in the sanitation process?) or if I need to handle it in my app (use remote: true
is really standard rails)?
Hi @yoLotus,
You have examples here on how to allow attributes or new tags in our sanitizer: https://getbootstrap.com/docs/4.3/getting-started/javascript/#sanitizer
Hi @Johann-S,
Thanks a lot for your quick answer, just made a tried and it works perfectly!
I think I wasn't aware of the full purpose of this sanitation, I understand better the issue resolved by the commit 69157ce now.
Just for people who would also need such whitelisting, the example link provided by @Johann-S says:
var myDefaultWhiteList = $.fn.tooltip.Constructor.Default.whiteList
with bootstrap-sass
:
var myDefaultWhiteList = $.fn.tooltip.Constructor.DEFAULTS.whiteList
Thanks again!
I'll just add something I linked to our v4 docs because it's our latest version but you can find the same for v3 here: https://getbootstrap.com/docs/3.4/javascript/#js-sanitizer
Thanks ! Yes the path for default whitelist is the same as my previous comment.