Nested tags sanitation about dompurify HOT 5 CLOSED

Hi, thanks for the feedback. Why would the nesting in this situation be illegal?

from dompurify.

Hi, actually I was using it for content filter so it is not really illegal.
I liked it very much that it works on a string.
Probably level sanitation isn't that simple because in practise the user doesn't know what markup is coming. Unless all <p> with content or by some other criteria are put to the desired node level probably that makes more sense.
Finally the lib is really nice but please add attribute sanitation for each kind of tag what the example shows is that attribute sanitation is global for all the markup.

from dompurify.

Yeah, the problem with that is, that we first need to know what level of sanitation the user wants. And that might potentially differ from tag to tag. So it's pretty much impossible to do that without very complex config options.

"please add attribute sanitation for each kind of tag"

Nah, not gonna happen :) But what we are planning to do is implementing a plugin API where you can implement these things on your own without much effort. We believe that's better than bloating the library with individual requests (that are often very much valid - but rarely generalizable enough for a core change). That should then also allow you to implement the mentioned flattening / nesting filter.

Sounds good?

from dompurify.

Yeah, 10x :)

from dompurify.

I'll close this for now

from dompurify.