htmLawed followed by sanitize is stripping STRIKE
Take for example the comment form. By default, we allow the "strike" tag. htmLawed also allows the strike tag, but it converts it to a span with style and an underscore property. Therefore, strike is no longer in the string when passed to sanitize. To fix this, I'd like to rework the sanitize function to include a 3rd option that doesn't strip tags. I'd also like to change the parameter from a non-descriptive numeric to something that's understandable, like "no_ents" (for no htmlentities) or "no_tags", with no parameter needed if you want both. I think this will make the code clearer and more flexible, but it's a pretty big task and will have to wait a while.
Technically, we shouldn't need to run sanitize after htmLawed, but configuring htmLawed looks like quite a science which I'd rather not spend time on. Sanitize is nice because it's easy to see what it does from the function.
The simple solution was to replace STRIKE with DEL since the first is deprecated. I've changed sanitize (must update the docs!). Please test these changes because they affect over 30 files.
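The ordering problem from the report and the DEL workaround from the comment, as an added example that is not the project's code: `rewrite_deprecated()` and `strip_to_allowlist()` are hypothetical stand-ins for the htmLawed step and the tag-stripping half of sanitize, and the style value written into the span is an assumption. `dead_allowlist_entries()` is a regression check that lists allowlisted tags which the first stage rewrites before the second stage can ever see them.

```php
<?php
// Added illustration; the two helpers are hypothetical stand-ins, not htmLawed
// or the project's sanitize().

// Stage 1 stand-in: rewrite deprecated <strike> into a styled <span>.
// The exact style value is an assumption.
function rewrite_deprecated(string $html): string
{
    $html = preg_replace('~<strike\b[^>]*>~i',
        '<span style="text-decoration: line-through;">', $html);
    return preg_replace('~</strike\s*>~i', '</span>', $html);
}

// Stage 2 stand-in: drop every tag that is not on the allowlist.
// strip_tags() does not filter attributes on the tags it keeps.
function strip_to_allowlist(string $html, array $allowed): string
{
    return strip_tags($html, '<' . implode('><', $allowed) . '>');
}

function pipeline(string $html, array $allowed): string
{
    return strip_to_allowlist(rewrite_deprecated($html), $allowed);
}

// Regression check: allowlisted tags that can never reach the output because
// stage 1 rewrites them before stage 2 sees them.
function dead_allowlist_entries(array $allowed): array
{
    $dead = [];
    foreach ($allowed as $tag) {
        $out = pipeline("<$tag>x</$tag>", $allowed);
        if (stripos($out, "<$tag>") === false) {
            $dead[] = $tag;
        }
    }
    return $dead;
}

$comment = '<b>old</b> <strike>9.99</strike> <del>7.99</del>'; // constructed input

echo pipeline($comment, ['b', 'strike', 'del']), "\n";
echo implode(',', dead_allowlist_entries(['b', 'strike', 'del'])), "\n";
```

Adding `span` to the allowlist instead would keep the strike-through, but because `strip_tags()` passes attributes through untouched, the `style` attribute would then depend entirely on the first stage having filtered it.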