Add a way to disable attribute sanitization in inline HTML rendering.

LambdAurora · Dec 2, 2024 · c2aff27 · c2aff27
1 parent 0635af5
commit c2aff27
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -93,3 +93,7 @@
 
 - Added allowed attributes in inline HTML rendering option.
 - Fixed bad handling of malformed image elements.
+
+### 2.3.1
+
+- Added a way to disable attribute sanitization in inline HTML rendering.
diff --git a/README.md b/README.md
@@ -41,5 +41,5 @@ import * as md from "@lambdaurora/libmd";
 Import the library using [esm.sh](https://esm.sh):
 
 ```javascript
-import * as md from "https://esm.sh/jsr/@lambdaurora/[email protected].0";
+import * as md from "https://esm.sh/jsr/@lambdaurora/[email protected].1";
 ```
diff --git a/deno.json b/deno.json
@@ -1,6 +1,6 @@
 {
 	"name": "@lambdaurora/libmd",
-	"version": "2.3.0",
+	"version": "2.3.1",
 	"exports": "./mod.ts",
 	"tasks": {
 		"build": "deno run --allow-read --allow-write --allow-net --allow-env=HOME,ESBUILD_BINARY_PATH,ESBUILD_WORKER_THREADS,XDG_CACHE_HOME,NPM_CONFIG_REGISTRY,DENO_REGISTRY_URL,JSR_URL --allow-run build_logic/build.ts",

diff --git a/lib/renderer.ts b/lib/renderer.ts
@@ -133,7 +133,7 @@ export interface InlineHtmlRenderOptions {
 	/**
 	 * List of allowed attributes per HTML tags, with the special key `*` applying to all HTML tags.
 	 */
-	allowed_attributes: { [key: string]: readonly string[] };
+	allowed_attributes: { [key: string]: readonly string[] } | true;
 	/**
 	 * List of HTML tags that are not allowed and will be escaped out.
 	 */
@@ -425,6 +425,8 @@ const DEFAULT_OPTIONS: RenderOptions = {
 }
 
 function sanitize_raw<N extends html.Node>(node: N, context: RenderContext): N {
+	if (context.inline_html.allowed_attributes === true) return node;
+
 	if (node instanceof html.Element) {
 		node.attributes = node.attributes.filter(attribute =>
 			context.inline_html.allowed_attributes["*"].includes(attribute.name)