Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add allowedTags to HTMLContentTransform request #5347

Merged
merged 3 commits into from
Nov 4, 2024
Merged

Add allowedTags to HTMLContentTransform request #5347

merged 3 commits into from
Nov 4, 2024

Conversation

compulim
Copy link
Contributor

@compulim compulim commented Nov 4, 2024
edited
Loading

Changelog Entry

Added

  • Added HTML content transformer middleware, in PR #5338 and #5347, by @compulim
    • Configure HTML sanitizer via request.allowedTags

Description

Added request.allowedTags to enable custom elements story through HTML content transform middleware.

Design

Background: the HTML sanitizer is the very last function in the HTML content transform middleware.

One story of HTML content transform middleware is to convert, say, <a> into <my-link>.

This PR enables the middleware to allowlist additional tag names for the HTML sanitizer. It can also enable denylist and observe the allowed tag names.

Specific Changes

  • Updated HTMLContentTransformMiddleware to include new allowedTags
  • Updated the "code block copy button" middleware to use this feature
  • Moved default sanitizer options to the caller of the middleware, i.e. useTransformHTMLContent() hook
  • I have added tests and executed them locally
  • I have updated CHANGELOG.md
  • I have updated documentation

Review Checklist

This section is for contributors to review your work.

  • Accessibility reviewed (tab order, content readability, alt text, color contrast)
  • Browser and platform compatibilities reviewed
  • CSS styles reviewed (minimal rules, no z-index)
  • Documents reviewed (docs, samples, live demo)
  • Internationalization reviewed (strings, unit formatting)
  • package.json and package-lock.json reviewed
  • Security reviewed (no data URIs, check for nonce leak)
  • Tests reviewed (coverage, legitimacy)

@compulim compulim marked this pull request as ready for review November 4, 2024 20:41
@compulim compulim merged commit b245b63 into microsoft:main Nov 4, 2024
25 checks passed
@compulim compulim deleted the feat-allow-custom-elements branch November 4, 2024 22:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tdurnford tdurnford tdurnford approved these changes

@a-b-r-o-w-n a-b-r-o-w-n Awaiting requested review from a-b-r-o-w-n a-b-r-o-w-n is a code owner

@cwhitten cwhitten Awaiting requested review from cwhitten cwhitten is a code owner

@srinaath srinaath Awaiting requested review from srinaath srinaath is a code owner

@beyackle2 beyackle2 Awaiting requested review from beyackle2 beyackle2 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@compulim @tdurnford