Add support for a bunch more safe HTML element tags, and bring them into some order.

2024-11-26 20:14:43 +01:00 · 2014-05-01 22:08:32 +02:00 · 2014-05-01 22:08:32 +02:00 · 8d2af3a21b
commit 8d2af3a21b
parent aeb569ff46
2 changed files with 19 additions and 6 deletions
--- a/inline_test.go
+++ b/inline_test.go
@ -211,6 +211,9 @@ func TestRawHtmlTag(t *testing.T) {

 		"<!DOCTYPE test>",
 		"<p>&lt;!DOCTYPE test&gt;</p>\n",
+
+		"<hr>",
+		"<hr>\n",
 	}
 	doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT)
 }
@ -548,7 +551,7 @@ func TestNofollowLink(t *testing.T) {

 func TestHrefTargetBlank(t *testing.T) {
 	var tests = []string{
-        // internal link
+		// internal link
 		"[foo](/bar/)\n",
 		"<p><a href=\"/bar/\">foo</a></p>\n",

--- a/sanitize.go
+++ b/sanitize.go
@ -19,12 +19,22 @@ var (

 func init() {
 	whitelistTags = toSet([]string{
-		"a", "b", "blockquote", "br", "caption", "cite", "code", "col",
-		"colgroup", "dd", "div", "dl", "dt", "em",
+		// Headings
 		"h1", "h2", "h3", "h4", "h5", "h6",
-		"i", "img", "li", "ol", "p", "pre", "q", "small", "strike", "strong",
-		"sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "u",
-		"ul"})
+		// Block elements
+		"p", "pre", "blockquote", "hr", "div", "header", "article", "aside", "footer",
+		"section", "main", "mark", "figure", "figcaption",
+		// Inline elements
+		"a", "br", "cite", "code", "img",
+		// Lists
+		"ol", "ul", "li",
+		// Tables
+		"table", "tbody", "td", "tfoot", "th", "thead", "tr", "colgroup", "col", "caption",
+		// Formatting
+		"u", "i", "em", "small", "strike", "b", "strong", "sub", "sup", "q",
+		// Definition lists
+		"dd", "dl", "dt",
+	})
 	whitelistAttrs = map[string]map[string]bool{
 		"a":   toSet([]string{"href", "title", "rel"}),
 		"img": toSet([]string{"src", "alt", "title"}),