-
-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Would it be possible and safe to whitelist some CSS functions? #122
Comments
My team is also currently stuck on a whitelisting issue for the attribute list-style-type. |
Generally speaking, I think the right thing to do is to make it easier/possible to extend what's whitelisted by Loofah. Many people have asked for tags, attributes or functions to be whitelisted, and honestly I'd rather the core library be as conservative as possible and force users to opt into additional non-obvious tags/attributes/functions. |
Added ability to whitelist particular functions #122
Merged pull request, this will be in the next release, planned to be 2.2.0 this weekend. |
At the moment scrub_css will drop an entire inline style attribute if a CSS function is used.
For example:
Is there a situation where whitelisting calc would be a bad idea?
The text was updated successfully, but these errors were encountered: