You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am processing some rich text content (mostly coming from WYSIWYG editors and emails). I only want to use this package to handle the BBCode parts.
However, according to the HTMLElements section of the documentation, by default no HTML tags are allowed. A whitelist must be provided, and for each element the allowed attributes must be specified.
In my case, the text has already been sanitized using symfony/html-sanitizer, so it is already safe HTML. I would like to output this HTML directly, without any further filtering or processing. How can this be done?
I reviewed the HTMLElements documentation and tried using the whitelist feature together with the presets from symfony/html-sanitizer (see the reference
), adding those elements and attributes to HTMLElements (marked as unsafe).
However, during debugging I found that this results in generating a very large Stylesheet. I expect this may cause some performance issues, but it seems that due to XSLT constraints, this might be unavoidable. Is that correct?
If the goal is to minimize performance impact, does that mean the only option is to manually curate a minimal whitelist of possible elements and attributes and store them in HTMLElements?
So, is there any way to skip the HTML escaping/processing step entirely?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I am processing some rich text content (mostly coming from WYSIWYG editors and emails). I only want to use this package to handle the BBCode parts.
However, according to the HTMLElements section of the documentation, by default no HTML tags are allowed. A whitelist must be provided, and for each element the allowed attributes must be specified.
In my case, the text has already been sanitized using symfony/html-sanitizer, so it is already safe HTML. I would like to output this HTML directly, without any further filtering or processing. How can this be done?
I reviewed the HTMLElements documentation and tried using the whitelist feature together with the presets from symfony/html-sanitizer (see the reference
), adding those elements and attributes to HTMLElements (marked as unsafe).
However, during debugging I found that this results in generating a very large Stylesheet. I expect this may cause some performance issues, but it seems that due to XSLT constraints, this might be unavoidable. Is that correct?
If the goal is to minimize performance impact, does that mean the only option is to manually curate a minimal whitelist of possible elements and attributes and store them in HTMLElements?
So, is there any way to skip the HTML escaping/processing step entirely?
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions