Stripping class attribute even when configured under allowedAttributes
aysiscore opened this issue · comments
I have configured sanitize-html like this:
allowedTags: ['p', 'aside', 'h2', 'h3', 'h4', 'figure', 'br', 'em', 'strong', 'a', 'ol', 'ul', 'li', 'blockquote', 'table', 'th', 'tr', 'td', 'caption', 'colgroup', 'col', 'thead', 'tbody', 'tfoot'],
allowedAttributes: {
'a': ['href', 'name', 'target', 'rel', 'class'],
'aside': ['class'],
'*': ['class']
},
selfClosing: ['br']
When I send the following content to the server before sanitize-html is called it is like this:
<p>The PM claimed he hadn’t broken rules because nobody had told him the rules, which he wrote</p>
<aside class="infosnippet"><p>[[Snippet Placeholder]]</p></aside>
Once I run sanitize-html on the above content the class
attribute on the <aside>
tag is being stripped, so I end up with this:
<p>The PM claimed he hadn’t broken rules because nobody had told him the rules, which he wrote</p>
<aside><p>[[Snippet Placeholder]]</p></aside>
Looking at the docs I believe I have configured it properly to allow class
attributes on the aside
tag and in fact ALL tags using the wildcard.
Is this a configuration issue or a bug?
Once you add it to allowedAttributes, you'll need to look at allowedClasses.
Even with allowedClasses: [*]
or allowedClasses: ['infosnippet']
it strips the class attribute out of the tag.
Please reopen as its not solved
Did you add class
to allowedAttributes
? If you did then please provide a failing unit test showing the problem.