Allow all schemas for html anchors #28

Open
wants to merge 1 commit into
base: master
14 changes: 9 additions & 5 deletions README.md
Expand Up @@ -22,13 +22,13 @@ BaseName makes a string safe to use in a file name, producing a sanitized basena
sanitize.HTML(s string) string
```

HTML strips html tags with a very simple parser, replace common entities, and escape < and > in the result. The result is intended to be used as plain text.
HTML strips html tags with a very simple parser, replace common entities, and escape < and > in the result. The result is intended to be used as plain text.

```go
sanitize.HTMLAllowing(s string, args...[]string) (string, error)
```

HTMLAllowing parses html and allow certain tags and attributes from the lists optionally specified by args - args[0] is a list of allowed tags, args[1] is a list of allowed attributes. If either is missing default sets are used.
HTMLAllowing parses html and allow certain tags and attributes from the lists optionally specified by args - args[0] is a list of allowed tags, args[1] is a list of allowed attributes. If either is missing default sets are used.

```go
sanitize.Name(s string) string
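Review bot: the two doc paragraphs in this hunk have subject-verb agreement errors that are worth fixing while the README is being edited: "HTML strips html tags ..., replace common entities, and escape < and >" should read "strips ..., replaces ..., and escapes ...", and "HTMLAllowing parses html and allow certain tags" should read "parses html and allows certain tags". Neither paragraph mentions the href restriction that this PR relaxes; a sentence stating which href schemes HTMLAllowing accepts would make the behaviour change visible to users reading only the API docs.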
Expand All @@ -46,6 +46,10 @@ Path makes a string safe to use as an url path.
Changes
-------

Version 1.3

Allow all schemas for html anchors

Version 1.2

Adjusted HTML function to avoid linter warning
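Review bot: the "Version 1.3" changelog entry describes the change as "Allow all schemas for html anchors" without saying that this loosens a security control. The previous href allowlist (`mailto:`, `http://`, `https://` and relative paths) existed to limit what a sanitized anchor can point at; users upgrading should be told that arbitrary URI schemes in `href` now pass through HTMLAllowing so they can decide whether that is acceptable for their output context. Suggest expanding the entry to something like "Allow any URI scheme in anchor href attributes (previously only mailto:, http:, https: and relative paths); javascript: and data: remain blocked by illegalAttr". Also, "schemas" should be "schemes" (URI scheme).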
Expand All @@ -54,9 +58,9 @@ Chnaged name of license file
Added badges and change log to readme

Version 1.1
Fixed type in comments.
Merge pull request from Povilas Balzaravicius Pawka
Fixed type in comments.
Merge pull request from Povilas Balzaravicius Pawka
- replace br tags with newline even when they contain a space

Version 1.0
First release
First release
2 changes: 1 addition & 1 deletion sanitize.go
Expand Up @@ -312,7 +312,7 @@ var (
illegalAttr = regexp.MustCompile(`(d\s*a\s*t\s*a|j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*)\s*:`)

// We are far more restrictive with href attributes.
legalHrefAttr = regexp.MustCompile(`\A[/#][^/\\]?|mailto:|http://|https://`)
legalHrefAttr = regexp.MustCompile(`\A[/#][^/\\]?|\w+:|http://|https://`)
)

// cleanAttributes returns an array of attributes after removing malicious ones.
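Review bot: replacing `mailto:` with `\w+:` in `legalHrefAttr` turns a scheme allowlist into a match-almost-anything pattern, which contradicts the comment directly above it ("We are far more restrictive with href attributes"). Two problems: `\w+:` is not anchored (the `\A` only applies to the first alternative), so it matches a colon preceded by word characters anywhere in the value, not just a scheme at the start; and `\w+:` also matches the `javascript:` and `data:` prefixes, so the only thing now keeping those out of an anchor is the separate `illegalAttr` check, where before both regexes had to agree. If the goal is to support `tel:` and `skype:`, add them to the allowlist explicitly and keep it anchored, e.g. `\A(?:[/#][^/\\]?|mailto:|tel:|skype:|https?://)`; if arbitrary schemes are genuinely wanted, the comment should be updated to say so and the decision should be called out in the README.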
2 changes: 2 additions & 0 deletions sanitize_test.go
Expand Up @@ -206,6 +206,8 @@ var htmlTestsAllowing = []Test{
{`<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>`, `<img>`},
{`<a href="mailto:cool@test.com?subject=cooool">cool guy</a>`, `<a href="mailto:cool@test.com?subject=cooool">cool guy</a>`},
{`<a href="tel:123123123">123123123</a>`, `<a href="tel:123123123">123123123</a>`},
{`<a href="skype:some">some</a>`, `<a href="skype:some">some</a>`},
}

func TestHTMLAllowed(t *testing.T) {
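Review bot: the two new cases only exercise the positive path (`tel:` and `skype:` are kept). Since the regex change widens what `href` accepts, this hunk should also add negative cases asserting that the schemes `illegalAttr` is meant to block (`javascript:` and `data:`, including the whitespace-interleaved spellings that regex is written to catch) are still stripped from `<a href=...>` after the change, and a case for a value where a `word:` sequence appears after the start of the href, to pin down whether the unanchored `\w+:` alternative is intended to match there. Without those, a later regression in `illegalAttr` would go unnoticed by this test table.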