tag doesn't work with sanitizeHtml

Question

tag doesn't work with sanitizeHtml

samilieberman opened this issue a year ago · comments

PLEASE NOTE: make sure the bug exists in the latest patch level of the project. For instance, if you are running a 2.x version of Apostrophe, you should use the latest in that major version to confirm the bug.

To Reproduce

  const formattedTitle = 'My Company<sup>&#174;</sup>';
  console.log(sanitizeHtml(formattedTitle));

The superscript tag doesn't work, even though it is in the default tags

Expected behavior

A clear and concise description of what you expected to happen.

The symbol should be a superscript

Describe the bug

A clear and concise description of what the bug is.

The superscript tag doesn't work, even though it is in the default tags

Details

The superscript tag doesn't work, even though it is in the default tags

Version of Node.js:
PLEASE NOTE: Only stable LTS versions (10.x and 12.x) are fully supported but we will do our best with newer versions.
Node 16

Server Operating System:
The server (which might be your dev laptop) on which Apostrophe is running. Linux? MacOS X? Windows? Is Docker involved?
Mac OS X

Additional context:

Add any other context about the problem here. If the problem is specific to a browser, OS or mobile device, specify which.

Screenshots
If applicable, add screenshots to help explain your problem.

Tom Boutell · Answer 1 · Sat Dec 17 2022 05:15:04 GMT+0800 (China Standard Time)

Please provide a unit test that fails (see the tests folder). If this does not fail when written as a unit test then something is happening in your larger application that is unrelated to sanitize-html itself.

…

On Fri, Dec 16, 2022 at 4:11 PM Sami Lieberman ***@***.***> wrote: PLEASE NOTE: make sure the bug exists in the latest patch level of the project. For instance, if you are running a 2.x version of Apostrophe, you should use the latest in that major version to confirm the bug. To Reproduce const formattedTitle = 'My Company®'; console.log(sanitizeHtml(formattedTitle)); [image: Screen Shot 2022-12-16 at 4 10 27 PM] <https://user-images.githubusercontent.com/15946916/208189541-baf52788-da32-4989-848c-823950d6b46a.png> The superscript tag doesn't work, even though it is in the default tags Expected behavior A clear and concise description of what you expected to happen. The symbol should be a superscript Describe the bug A clear and concise description of what the bug is. Details *Version of Node.js:* *PLEASE NOTE: Only stable LTS versions (10.x and 12.x) are fully supported but we will do our best with newer versions.* *Server Operating System:* *The server (which might be your dev laptop) on which Apostrophe is running. Linux? MacOS X? Windows? Is Docker involved?* *Additional context:* Add any other context about the problem here. If the problem is specific to a browser, OS or mobile device, specify which. *Screenshots* *If applicable, add screenshots to help explain your problem.* — Reply to this email directly, view it on GitHub <#595>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAH27JYD6EUDDKOF4MVNN3WNTLIRANCNFSM6AAAAAATBQIKOQ> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his

Jannis Ötjengerdes · Answer 2 · Fri May 12 2023 04:58:06 GMT+0800 (China Standard Time)

I attempted to reproduce the reported issue but couldn't confirm it. The provided test, which checks for the removal of  tags, did not yield the expected result. The  tags were retained, including the registered trademark symbol. Based on my findings, I believe this issue can be closed.

it('should not remove sup tags as they are in default allowed list', function() {
  assert.equal(sanitizeHtml('My Company<sup>&#174;</sup>'), 'My Company<sup>®</sup>');
});

Please consider reviewing the test and closing the issue accordingly.

Tom Boutell · Answer 3 · Thu May 18 2023 22:37:59 GMT+0800 (China Standard Time)

Closing as the issue could not be reproduced. @samilieberman if you think we're missing something feel free to provide a unit test (see test/test.js).

Sami Lieberman · Answer 4 · Thu May 18 2023 23:32:35 GMT+0800 (China Standard Time)

@boutell - We are using another library as a workaround because this is still not working for us. I don't have the bandwidth to look into this at the moment, but my colleague Ganesh is going to pick it up. Thanks!

apostrophecms / sanitize-html

<sup> tag doesn't work with sanitizeHtml

To Reproduce

Expected behavior

Describe the bug

Details