Skip to content

Add otpauth to allowed schemes for anchor elements#26

Open
dberry-trivir wants to merge 1 commit into
ForgeRock:masterfrom
trivir:fix/support-otpauth-protocol
Open

Add otpauth to allowed schemes for anchor elements#26
dberry-trivir wants to merge 1 commit into
ForgeRock:masterfrom
trivir:fix/support-otpauth-protocol

Conversation

@dberry-trivir

Copy link
Copy Markdown

Fixes issue #25

allowVulnerableTags: true, // removes the warning for style tag please use with caution
allowedSchemesByTag: {
...sanitizeHtml.defaults.allowedSchemesByTag,
a: [...sanitizeHtml.defaults.allowedSchemes, 'otpauth'],

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this is purely a TextOutputCallback use case, we might want to scope it, e.g., in sanitizerConfig.js, we can add

export const textOutputCallbackSanitizerConfig = {
  ...baseSanitizerConfig,
  allowedSchemesByTag: {
    ...baseSanitizerConfig.allowedSchemesByTag,
    a: [...sanitizeHtml.defaults.allowedSchemes, 'otpauth'],
  },
};

And then we can import textOutputCallbackSanitizerConfig and use it directly in the TextOutputCallback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants