Only adding target="_blank" but not modifying any other HTML
ColdHeat opened this issue · comments
I'd like to use bluemonday to apply AddTargetBlankToFullyQualifiedLinks to HTML but not otherwise sanitize or modify any of the HTML even if the HTML is malicious.
This would let me use a policy as a sort of HTML processor.
Is there an existing way to do this?
I think ultimately this is asking is there a way to create a policy that allows any HTML? I theorized that maybe this could be done if using a permissive regex for AllowElementsMatching and also adding an AllowAttrsMatching as well.
There isn't a way to do this using bluemonday, as the nature of it being whitelist based means that you would have to define a policy that accepted everything including HTML not yet defined or custom elements given meaning through CSS.
The core of the Sanitize() func can be copied though, and then strip out everything that would've sanitised.
Note that even if you do this, it will still escape HTML entities in the resulting HTML as that is part of the x\html package.