shekyan
October 14, 2019, 10:41pm
1
Hi! First topic.
Ammonia is a great piece of a tool, but sanitization sometimes needs to be more granular.
For example, I cannot figure out if it is possible to whitelist a scheme for one tag attribute, but remove it for another.
<img src='data:text/plain;charset=utf-8;base64,..'>
is a relatively harmless code, while
<a href='data:text/plain;charset=utf-8;base64,..'>...</a>
might not be.
shekyan
October 14, 2019, 11:12pm
2
And the answer is obvious, if we are ok with having data scheme everywhere except anchor tag:
Builder::default()
.add_url_schemes(&["data"])
.attribute_filter(move |element, attribute, value| {
match (element, attribute) {
("a", "href") => {
if value.starts_with("data:") {
return None
}
Some(value.into())
},
_ => Some(value.into())
}
})
....
1 Like
system
Closed
January 12, 2020, 11:12pm
3
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.