v3.4.1 data attributes are removed from links

Question

v3.4.1 data attributes are removed from links

yoLotus opened this issue 5 years ago · 4 comments

Hello,

I'm using bootstrap-sass in a rails project and I write in a view something like:

<%= link_to "link name",
      foo_path
      class:  'btn btn-primary',
      remote: true,
      data:  {bar: true}
%>

Since the update of the gem to version 3.4.1, the commit 69157ce seems to sanitize the links and remove the date-remote and data-bar attributes from the a tag, something like that will be render:

<a class="btn btn-primary" href="/foo">link_name</a>

I wonder if it a bug from bootstrap-sass (should data-* attributes be really removed in the sanitation process?) or if I need to handle it in my app (use remote: true is really standard rails)?

Answer 1 · 2019-04-03T11:24:39.000Z

Hi @yoLotus,

You have examples here on how to allow attributes or new tags in our sanitizer: https://getbootstrap.com/docs/4.3/getting-started/javascript/#sanitizer

Answer 2 · 2019-04-03T12:51:10.000Z

Hi @Johann-S,

Thanks a lot for your quick answer, just made a tried and it works perfectly!

I think I wasn't aware of the full purpose of this sanitation, I understand better the issue resolved by the commit 69157ce now.

Just for people who would also need such whitelisting, the example link provided by @Johann-S says:

var myDefaultWhiteList = $.fn.tooltip.Constructor.Default.whiteList

with bootstrap-sass:

var myDefaultWhiteList = $.fn.tooltip.Constructor.DEFAULTS.whiteList

Thanks again!

Answer 3 · 2019-04-03T13:12:02.000Z

I'll just add something I linked to our v4 docs because it's our latest version but you can find the same for v3 here: https://getbootstrap.com/docs/3.4/javascript/#js-sanitizer

Answer 4 · 2019-04-03T13:27:14.000Z

Thanks ! Yes the path for default whitelist is the same as my previous comment.