From f2a8ed07e03f2cd4928f45c3f9b8060d33370a20 Mon Sep 17 00:00:00 2001
From: Helder Sepulveda
Date: Wed, 7 Feb 2018 22:51:15 -0500
Subject: [PATCH] improve(sanitizer): add more allowed attributes (#4194)
* Add a couple of items to the sanitizeOptions
* Strings must use doublequote quotes
---
 src/core/components/providers/markdown.jsx | 6 ++++--
 test/components/markdown.js | 12 ++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/core/components/providers/markdown.jsx b/src/core/components/providers/markdown.jsx
index 35ad0c5f..ec096d5f 100644
--- a/src/core/components/providers/markdown.jsx
+++ b/src/core/components/providers/markdown.jsx
@@ -29,10 +29,12 @@ Markdown.propTypes = {
 export default Markdown
 const sanitizeOptions = {
- allowedTags: sanitize.defaults.allowedTags.concat([ "h1", "h2", "img" ]),
+ allowedTags: sanitize.defaults.allowedTags.concat([ "h1", "h2", "img", "span" ]),
 allowedAttributes: {
 ...sanitize.defaults.allowedAttributes,
- "img": sanitize.defaults.allowedAttributes.img.concat(["title"])
+ "img": sanitize.defaults.allowedAttributes.img.concat(["title"]),
+ "td": [ "colspan" ],
+ "*": [ "class" ]
 },
 textFilter: function(text) {
 return text.replace(/"/g, "\"")
diff --git a/test/components/markdown.js b/test/components/markdown.js
index 65b80c0e..c3a716a3 100644
--- a/test/components/markdown.js
+++ b/test/components/markdown.js
@@ -7,6 +7,18 @@ import { Markdown as OAS3Markdown } from "corePlugins/oas3/wrap-components/markd
 describe("Markdown component", function() {
 describe("Swagger 2.0", function() {
+ it("allows span elements with class attrib", function() {
+ const str = `ONE`
+ const el = render()
+ expect(el.html()).toEqual(`
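Review bot: The `"*": [ "class" ]` entry in `allowedAttributes` lets every permitted tag in rendered Markdown carry any class name, so sanitized description text can pick up the host page's own CSS classes and be styled to resemble interface controls or to cover other content. If only a known set of classes is needed, sanitize-html's `allowedClasses` option bounds this, e.g. `allowedClasses: { "span": [ "<required-class-placeholder>" ] }` instead of the wildcard; scoping `class` to `span` alone would already narrow it. The tests added in test/components/markdown.js, as far as the extracted text shows, assert only that `class` and `colspan` survive; a case showing that `style` or an event-handler attribute on the same elements is still stripped would pin the boundary. The `sanitizeOptions` object continues past the end of the hunk, so later options are not visible here.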

ONE

\n
`) + }) + + it("allows td elements with colspan attrib", function() { + const str = `
ABC
` + const el = render() + expect(el.html()).toEqual(`
ABC
`) + }) + it("allows image elements", function() { const str = `![Image alt text](http://image.source "Image title")` const el = render()