| 4 | * Configuration to control DOMPurify behavior. |
| 5 | */ |
| 6 | export interface Config { |
| 7 | /** |
| 8 | * Extend the existing array of allowed attributes. |
| 9 | * Can be an array of attribute names, or a function that receives |
| 10 | * the attribute name and tag name to determine if the attribute is allowed. |
| 11 | */ |
| 12 | ADD_ATTR?: |
| 13 | | string[] |
| 14 | | ((attributeName: string, tagName: string) => boolean) |
| 15 | | undefined; |
| 16 | |
| 17 | /** |
| 18 | * Extend the existing array of elements that can use Data URIs. |
| 19 | */ |
| 20 | ADD_DATA_URI_TAGS?: string[] | undefined; |
| 21 | |
| 22 | /** |
| 23 | * Extend the existing array of allowed tags. |
| 24 | * Can be an array of tag names, or a function that receives |
| 25 | * the tag name to determine if the tag is allowed. |
| 26 | */ |
| 27 | ADD_TAGS?: string[] | ((tagName: string) => boolean) | undefined; |
| 28 | |
| 29 | /** |
| 30 | * Extend the existing array of elements that are safe for URI-like values (be careful, XSS risk). |
| 31 | */ |
| 32 | ADD_URI_SAFE_ATTR?: string[] | undefined; |
| 33 | |
| 34 | /** |
| 35 | * Allow ARIA attributes, leave other safe HTML as is (default is true). |
| 36 | */ |
| 37 | ALLOW_ARIA_ATTR?: boolean | undefined; |
| 38 | |
| 39 | /** |
| 40 | * Allow HTML5 data attributes, leave other safe HTML as is (default is true). |
| 41 | */ |
| 42 | ALLOW_DATA_ATTR?: boolean | undefined; |
| 43 | |
| 44 | /** |
| 45 | * Allow external protocol handlers in URL attributes (default is false, be careful, XSS risk). |
| 46 | * By default only `http`, `https`, `ftp`, `ftps`, `tel`, `mailto`, `callto`, `sms`, `cid` and `xmpp` are allowed. |
| 47 | */ |
| 48 | ALLOW_UNKNOWN_PROTOCOLS?: boolean | undefined; |
| 49 | |
| 50 | /** |
| 51 | * Decide if self-closing tags in attributes are allowed. |
| 52 | * Usually removed due to a mXSS issue in jQuery 3.0. |
| 53 | */ |
| 54 | ALLOW_SELF_CLOSE_IN_ATTR?: boolean | undefined; |
| 55 | |
| 56 | /** |
| 57 | * Allow only specific attributes. |
| 58 | */ |
| 59 | ALLOWED_ATTR?: string[] | undefined; |
| 60 | |
| 61 | /** |
| 62 | * Allow only specific elements. |
| 63 | */ |
nothing calls this directly
no outgoing calls
no test coverage detected
searching dependent graphs…