improve(sanitizer): add more allowed attributes (#4194)

* Add a couple of items to the sanitizeOptions * Strings must use doublequote quotes
2018-02-07 22:51:15 -05:00
parent 7fd229fe72
commit f2a8ed07e0
2 changed files with 16 additions and 2 deletions
--- a/src/core/components/providers/markdown.jsx
+++ b/src/core/components/providers/markdown.jsx
@@ -29,10 +29,12 @@ Markdown.propTypes = {
 export default Markdown
 const sanitizeOptions = {
-    allowedTags: sanitize.defaults.allowedTags.concat([ "h1", "h2", "img" ]),
+    allowedTags: sanitize.defaults.allowedTags.concat([ "h1", "h2", "img", "span" ]),
    allowedAttributes: {
        ...sanitize.defaults.allowedAttributes,
-        "img": sanitize.defaults.allowedAttributes.img.concat(["title"])
+        "img": sanitize.defaults.allowedAttributes.img.concat(["title"]),
        "td": [ "colspan" ],
        "*": [ "class" ]
    },
    textFilter: function(text) {
        return text.replace(/&quot;/g, "\"")
--- a/test/components/markdown.js
+++ b/test/components/markdown.js
@@ -7,6 +7,18 @@ import { Markdown as OAS3Markdown } from "corePlugins/oas3/wrap-components/markd
 describe("Markdown component", function() {
    describe("Swagger 2.0", function() {
        it("allows span elements with class attrib", function() {
            const str = `<span class="method">ONE</span>`
            const el = render(<Markdown source={str} />)
            expect(el.html()).toEqual(`<div class="markdown"><p><span class="method">ONE</span></p>\n</div>`)
        })
        it("allows td elements with colspan attrib", function() {
            const str = `<table><tr><td>ABC</td></tr></table>`
            const el = render(<Markdown source={str} />)
            expect(el.html()).toEqual(`<div class="markdown"><table><tr><td>ABC</td></tr></table></div>`)
        })
        it("allows image elements", function() {
            const str = `![Image alt text](http://image.source "Image title")`
            const el = render(<Markdown source={str} />)