From 27d9e6ac4923f6e4e1763774731d126a066b480b Mon Sep 17 00:00:00 2001
From: Kevin Jiang
Date: Fri, 26 May 2023 20:46:47 +1200
Subject: [PATCH 1/3] Allow false in allowedClasses
Making sure allowedClasses is Array type before using forEach
---
index.js | 30 +++++++++++++++++-------------
1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/index.js b/index.js
index ad9c6ad..63e38bd 100644
--- a/index.js
+++ b/index.js
@@ -170,20 +170,24 @@ function sanitizeHtml(html, options, _recursing) {
 allowedAttributesMap[tag].push('class');
 }
- allowedClassesMap[tag] = [];
- allowedClassesRegexMap[tag] = [];
- const globRegex = [];
- classes.forEach(function(obj) {
- if (typeof obj === 'string' && obj.indexOf('*') >= 0) {
- globRegex.push(escapeStringRegexp(obj).replace(/\\\*/g, '.*'));
- } else if (obj instanceof RegExp) {
- allowedClassesRegexMap[tag].push(obj);
- } else {
- allowedClassesMap[tag].push(obj);
+ allowedClassesMap[tag] = classes;
+
+ if (Array.isArray(classes)) {
+ const globRegex = [];
+ allowedClassesMap[tag] = [];
+ allowedClassesRegexMap[tag] = [];
+ classes.forEach(function(obj) {
+ if (typeof obj === 'string' && obj.indexOf('*') >= 0) {
+ globRegex.push(escapeStringRegexp(obj).replace(/\\\*/g, '.*'));
+ } else if (obj instanceof RegExp) {
+ allowedClassesRegexMap[tag].push(obj);
+ } else {
+ allowedClassesMap[tag].push(obj);
+ }
+ });
+ if (globRegex.length) {
+ allowedClassesGlobMap[tag] = new RegExp('^(' + globRegex.join('|') + ')$');
 }
- });
- if (globRegex.length) {
- allowedClassesGlobMap[tag] = new RegExp('^(' + globRegex.join('|') + ')$');
 }
 });
From de2b9f1c35172e1bb70d18b0376ee503a1d1de2f Mon Sep 17 00:00:00 2001
From: Kevin Jiang
Date: Fri, 26 May 2023 21:22:50 +1200
Subject: [PATCH 2/3] Adding test for when allowedClasses is false
---
test/test.js | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/test/test.js b/test/test.js
index 753114d..8bbbd47 100644
--- a/test/test.js
+++ b/test/test.js
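Review bot: The new `Array.isArray(classes)` guard lets any non-array value through, not only the documented `false`: a string, `true`, `null` or an object is stored verbatim by `allowedClassesMap[tag] = classes;`, whereas the old code threw on `classes.forEach`, so a misconfiguration that used to fail closed now reaches the class filter and its effect depends on whatever that code (outside this hunk) does with an unexpected value. Since `false` is the only sentinel the README hunk documents, I would accept exactly that, keep throwing for everything else, and drop the unconditional pre-assignment that the array branch overwrites anyway. The enclosing `forEach` callback and `sanitizeHtml` itself start and end outside the hunk, so I cannot see how `allowedClassesMap[tag]` and the now-unset `allowedClassesRegexMap[tag]` are read for a `false` tag; worth confirming the consumer treats `false` as "skip filtering" rather than indexing into it.
```javascript
// … unchanged: allowedAttributesMap 'class' bookkeeping …
if (classes === false) {
  // Documented opt-out: every class on this tag is kept.
  allowedClassesMap[tag] = false;
} else if (!Array.isArray(classes)) {
  // Anything else is a misconfiguration; keep failing closed as before.
  throw new TypeError('allowedClasses.' + tag + ' must be an array or false');
} else {
  // … unchanged: string / glob / RegExp handling …
}
```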
@@ -482,6 +482,20 @@ describe('sanitizeHtml', function() { '

whee

' ); }); + it('should allow all classes for a single tag if `allowedClasses` for the tag is false', function() { + assert.equal( + sanitizeHtml( + '

whee

', + { + allowedTags: [ 'p' ], + allowedClasses: { + p: false + } + } + ), + '

whee

' + ); + }); it('should allow only classes that matches `allowedClasses` regex', function() { assert.equal( sanitizeHtml( From 94a79b63dcd4be7f8c22d4657905c37aef737d08 Mon Sep 17 00:00:00 2001 From: Kevin Jiang Date: Fri, 26 May 2023 21:28:48 +1200 Subject: [PATCH 3/3] Update README and CHANGELOG --- CHANGELOG.md | 1 + README.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 394fdbe..59e926c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## UNRELEASED +- Fix to allow `false` in `allowedClasses` attributes - Upgrade mocha version - Apply small linter fixes in tests - Add `.idea` temp files to `.gitignore` diff --git a/README.md b/README.md index c51512d..d18237c 100644 --- a/README.md +++ b/README.md @@ -255,6 +255,8 @@ allowedClasses: { } ``` +If `allowedClasses` for a certain tag is `false`, all the classes for this tag will be allowed. + > Note: It is advised that your regular expressions always begin with `^` so that you are requiring a known prefix. A regular expression with neither `^` nor `$` just requires that something appear in the middle. ### Allowed CSS Styles