HTML Sanitizer Configuration

demodynamic
Kilo Contributor

Hi,

 

I am trying to blacklist the http protocol in the <a> tag alone, while allowing https, in HTML Sanitizer in the HTMLSanitizerConfig Script Include. I am following the Configure HTML sanitizer (servicenow.com) article.

 

I am trying to do the following 

 

HTML_BLACKLIST: {
    globalAttributes: {},
    a: {
        attributeValuePattern: {href: "https:.*"}
    }
}

but this doesn't seem to work. Can someone help on this?

2 REPLIES

Karthiga S
Kilo Sage

Hi @demodynamic 

 

This code will remove http:// links while keeping https:// links.

var HTMLSanitizerConfig = Class.create();
HTMLSanitizerConfig.prototype = {
    initialize: function() {
    },

    configure: function(sanitizer) {
        sanitizer.policy.addAttribute("a", "href", function(value) {
            if (value && value.startsWith('http://')) {
                return null; // remove http:// links
            }
            return value; // keep https:// links
        });
    },

    type: 'HTMLSanitizerConfig'
};

 

Please mark it Correct and Hit Like if you find this helpful!

 

Regards,

Karthiga

@Karthiga S  Thanks for the reply. I tried this and it doesn't seem to work. Both http and https links are retained in sanitization. Do you have any inputs?

 

Also, is there a document for the configure function? All the documents I see talk about blacklist and whitelist.
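
An added example, not part of the thread and not ServiceNow's sanitizer API: plain JavaScript comparing the `startsWith('http://')` prefix test from the reply with a scheme allowlist that first normalizes the href the way browsers do. It goes beyond the thread's single case by covering mixed case, leading whitespace, embedded tabs and relative links. The names `normalizeHref`, `hrefScheme`, `keepHref`, `prefixTestKeeps` and the `allowRelative` parameter are hypothetical, and the sample hrefs are constructed.

```javascript
// Added example: plain JavaScript, not ServiceNow's sanitizer API.
// Browsers strip leading/trailing C0 control characters and spaces, and drop
// tab/CR/LF anywhere, before parsing a URL (WHATWG URL Standard).
function normalizeHref(value) {
  return String(value)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns the lower-cased scheme, or null for a relative reference.
function hrefScheme(value) {
  const m = /^([A-Za-z][A-Za-z0-9+.\-]*):/.exec(normalizeHref(value));
  return m ? m[1].toLowerCase() : null;
}

// Allowlist decision: keep only absolute https links.
// Relative and protocol-relative links inherit the page's scheme, so whether
// to keep them is a policy choice; here it is a parameter (assumption).
function keepHref(value, allowRelative) {
  const scheme = hrefScheme(value);
  if (scheme === null) return Boolean(allowRelative);
  return scheme === "https";
}

// The prefix test from the reply above, for comparison.
function prefixTestKeeps(value) {
  return !(value && value.startsWith("http://"));
}

// Constructed sample hrefs.
const samples = [
  "https://example.com/a",
  "http://example.com/a",
  "HTTP://example.com/a",
  " http://example.com/a",
  "ht\ttp://example.com/a",
  "http:example.com/a",
  "/relative/path",
];

function compare() {
  return samples.map((s) => ({
    href: JSON.stringify(s),
    prefixTest: prefixTestKeeps(s),
    schemeAllowlist: keepHref(s, true),
  }));
}

console.table(compare());
```

Rows where the two columns differ are hrefs a browser would still load over http even though the prefix test keeps them.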