Invalid and missing HTML elements in the sanatizer #342

vanillajonathan · 2020-12-07T12:35:39Z

https://github.com/jch/html-pipeline/blob/master/lib/html/pipeline/sanitization_filter.rb#L44-L77

The sanatizer contains h7 and h8 which are not valid HTML elements. The HTML standard defines the heading elements h1, h2, h3, h4, h5 and h6.

Notably missing are the HTML5 elements bdi (bidirectional), progress and meter. Perhaps even output.

The sanitizer allows the attribute color, which I believe is only used in HTML4 for the font element (which is removed from HTML5). So it would make sense to either add the legacy font element to the allowed elements list or remove the color attribute from the allowed attributes list. The color attribute is not a global attribute.

The allowed HTML elements contains img but video and audio are absent.

The text was updated successfully, but these errors were encountered:

Closes #342 Closes #303

gjtorikian added the v3 label Feb 16, 2021

gjtorikian added post-v3-response v3 and removed v3 post-v3-response labels Dec 26, 2022

gjtorikian closed this as completed in bb7b25c Dec 30, 2022

gjtorikian added a commit that referenced this issue Jan 26, 2023

Remove outdated elements/attrs

ff07a0b

Closes #342 Closes #303

gjtorikian added a commit that referenced this issue Jan 26, 2023

Remove outdated elements/attrs

1ff7a0b

Closes #342 Closes #303

gjtorikian added a commit that referenced this issue Jan 26, 2023

Remove outdated elements/attrs

fa23ac8

Closes #342 Closes #303

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid and missing HTML elements in the sanatizer #342

Invalid and missing HTML elements in the sanatizer #342

vanillajonathan commented Dec 7, 2020

Invalid and missing HTML elements in the sanatizer #342

Invalid and missing HTML elements in the sanatizer #342

Comments

vanillajonathan commented Dec 7, 2020