Skip to content

Allow <s> on sanitize markdown#3646

Merged
corinagum merged 4 commits intomicrosoft:masterfrom
corinagum:3565-strikethrough
Dec 23, 2020
Merged

Allow <s> on sanitize markdown#3646
corinagum merged 4 commits intomicrosoft:masterfrom
corinagum:3565-strikethrough

Conversation

@corinagum
Copy link
Copy Markdown
Contributor

@corinagum corinagum commented Dec 21, 2020
edited
Loading

Fixes #3565

Changelog Entry

Description

Previously, only (deprecated) <strike> was allowed via sanitize, but now this will allow <s> as well.

markdown text ~~strikethrough~~ will now render as <s>strikethrough</s>

Design

Specific Changes

Review Checklist

This section is for contributors to review your work.

  • Accessibility reviewed (tab order, content readability, alt text, color contrast)
  • Browser and platform compatibilities reviewed
  • CSS styles reviewed (minimal rules, no z-index)
  • Documents reviewed (docs, samples, live demo)
  • Internationalization reviewed (strings, unit formatting)
  • package.json and package-lock.json reviewed
  • Security reviewed (no data URIs, check for nonce leak)
  • Tests reviewed (coverage, legitimacy)

@compulim
Copy link
Copy Markdown
Contributor

compulim commented Dec 22, 2020

Thanks for such simple tests, no need snapshots. 👍🏻

Could you add <del> and <ins> to the whitelist too?

<del> is new in HTML5 to strikethrough texts. <ins> to emphasize adding of text. Samples below:

This is <del>

This is <ins>

@corinagum
Copy link
Copy Markdown
Contributor Author

corinagum commented Dec 22, 2020

@compulim neither tag passes tests - looks like sanitize-html doesn't skip filtering <ins> and <del> even if they're added to allowedTags.

Filed an issue: apostrophecms/sanitize-html#449

no tests added for latest addition

@corinagum corinagum merged commit 6368e77 into microsoft:master Dec 23, 2020
@compulim compulim mentioned this pull request Mar 2, 2021
Closed
52 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@compulim compulim compulim approved these changes

@a-b-r-o-w-n a-b-r-o-w-n Awaiting requested review from a-b-r-o-w-n a-b-r-o-w-n is a code owner

@amal-khalaf amal-khalaf Awaiting requested review from amal-khalaf

@beyackle beyackle Awaiting requested review from beyackle

@cwhitten cwhitten Awaiting requested review from cwhitten cwhitten is a code owner

@srinaath srinaath Awaiting requested review from srinaath srinaath is a code owner

@tdurnford tdurnford Awaiting requested review from tdurnford tdurnford is a code owner

@tonyanziano tonyanziano Awaiting requested review from tonyanziano

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Strikethrough (<s>) is removed on sanitize

2 participants

@corinagum @compulim