-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: remove empty non-boolean attributes #624
feat: remove empty non-boolean attributes #624
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great stuff. Minor documentation requests 🙏
README.md
Outdated
@@ -167,6 +212,22 @@ allowedTags: false, | |||
allowedAttributes: false | |||
``` | |||
|
|||
#### "What if I want to allow empty attributes?" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This implies they are not allowed by default. They are allowed, just only where it makes sense.
This could be a better heading:
"What if I want to allow empty attributes, even for cases like href
that normally don't make sense?"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated
|
||
```js | ||
nonBooleanAttributes: ['*'] | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a note that this will break common valid cases like checked
and selected
so for most ordinary HTML use cases it is best to avoid making this change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated
Thanks for feedback, updated documentation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good stuff, thank you!
Summary
This causes sanitize-html to remove empty attributes that are known to be non-boolean. It provides an exhaustive list of all known attributes taken from: https://html.spec.whatwg.org/multipage/indices.html#attributes-3
options.nonBooleanAttributes
nonBooleanAttributes: []
nonBooleanAttributes: ['*']
Closes #123
What are the specific steps to test this change?
Test with empty attributes such as:
Will not remove anything.
Will transform into the first example.
What kind of change does this PR introduce?
Make sure the PR fulfills these requirements:
If adding a new feature without an already open issue, it's best to open a feature request issue first and wait for approval before working on it.