EmbedAPI: clean source (src) properly from inside a tooltip #9344
Assignees
Labels
Comments
humitos
added
Improvement
|
Consider bleach for stripping the HTML to exactly the tags and attributes that should be allowed. |
|
@benjaoming I didn't know bleach. I've read a little of the documentation but I'm not sure to follow how you would use it for the purpose of the issue. Can you explain a little more about how you would use bleach for this? |
|
It's not directly related to the issue -- bleach can ensure that we only have expected tags, attributes and CSS classes transferred. Probably belongs in a separate issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It may be good to expand
clean_resourcesto also rewrite<source src=...>HTML tags.Eric mentioned this in #9337 (comment)
This issue could serve also to do some extra research and try to find out more HTML tags that require HTML rewriting to make the tooltip content render properly.
The text was updated successfully, but these errors were encountered: