Mercurial > prosody-modules
comparison mod_xhtmlim/README.markdown @ 3699:1f68287138e3
mod_xhtmlim: Default to stripping @style attribute by default
Proper sanitation would require a CSS parser, easier and probably best
for everyone to just strip by default.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 08 Oct 2019 18:35:48 +0200 |
| parents | f6ed4421167d |
| children |
comparison
equal
deleted
inserted
replaced
| 3698:1d719d4ef18f | 3699:1f68287138e3 |
|---|---|
| 1 Introduction | 1 Introduction |
| 2 ============ | 2 ============ |
| 3 | 3 |
| 4 This module attempts to sanitize XHTML-IM messages. | 4 This module attempts to sanitize XHTML-IM messages. |
| 5 | |
| 6 It does **not** attempt to sanitize any CSS embedded in `style` | |
| 7 attributes, these are instead stripped by default. | |
| 5 | 8 |
| 6 Configuration | 9 Configuration |
| 7 ============= | 10 ============= |
| 8 | 11 |
| 9 Option Type Default | 12 Option Type Default |
| 10 ------------------------ --------- --------- | 13 ------------------------ --------- --------- |
| 11 `strip_xhtml_style` boolean `false` | 14 `strip_xhtml_style` boolean `true` |
| 12 `bounce_invalid_xhtml` boolean `false` | 15 `bounce_invalid_xhtml` boolean `false` |