如何使用新的 Sanitize api 允许 svg 元素
[英]How to allow svg elements using the new Sanitize api
问题描述
https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API 
https://developer.mozilla.org/zh-CN/docs/Web/API/HTML_Sanitizer_API
Using the html sanitizer api, it is removing the 'svg' tag even though I am adding it to the allowed list.使用 html 消毒剂 api,它正在删除“svg”标签,即使我将其添加到允许列表中也是如此。 How can I allow 'svg' tags?我怎样才能允许“svg”标签?
Currently using chrome 105.目前使用 chrome 105。
const cfg = Sanitizer.getDefaultConfiguration();
cfg.allowCustomElements = true;
cfg.allowElements.push('svg');
cfg.allowElements.push('slot');
cfg.allowElements.push('path');
const sanitizer = new Sanitizer(cfg)
const str = `<button>
<svg viewBox="0 0 24 24">
<path d="M7.41,8.58L12,13.17L16.59,8.58L18,10L12,16L6,10L7.41,8.58Z"></path>
</svg>
</button>`
const container = document.createElement('div')
container.setHTML(str, {sanitizer: sanitizer})
The sanitizer is removing the svg tag and everything inside.消毒剂正在去除 svg 标签和里面的所有东西。 const hasSvg = cfg.allowElements.includes('svg'); const hasSvg = cfg.allowElements.includes('svg'); // is returning true // 正在返回 true
1 个解决方案
解决方案1
0 2022-10-07 14:07:00
This is an experimental feature and has very poor support.这是一项实验性功能,支持非常差。 In addition, it only works with the HTTPS protocol.此外,它仅适用于 HTTPS 协议。 That is, you cannot work with it through a regular localhost.也就是说,您不能通过常规本地主机使用它。 You have to wait a little longer for bold use.大胆使用还得再等一会。
Try the purify-html library instead.请尝试使用purify-html库。 It works with the more common browser API, is very lightweight (MINIFIED + GZIPPED - 462 bytes.) and safely removes dangerous tags.它适用于更常见的浏览器 API,非常轻巧(MINIFIED + GZIPPED - 462 字节。)并安全地删除危险标签。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.