Add config option to allow specific attributes and tags #17

Open
realpascalbotjet wants to merge 1 commit into protonemedia:main from realpascalbotjet:feature/allow-evil-removal
@realpascalbotjet
Adds an allowed key to the anti_xss config that calls removeEvilAttributes() and removeEvilHtmlTags() on the underlying AntiXSS instance. This lets users whitelist specific attributes (e.g. style) or tags without having to override the middleware.

'anti_xss' => [
    'allowed' => [
        'attributes' => ['style'],
        'tags' => null,
    ],
],

Fixes #13

Adds an 'allowed' key to the anti_xss config that calls
removeEvilAttributes() and removeEvilHtmlTags() on the AntiXSS
instance, allowing users to whitelist specific attributes (e.g.
'style') or tags without overriding the middleware.

Fixes protonemedia#13
@realpascalbotjet force-pushed the feature/allow-evil-removal branch from 7949986 to ca623eb on February 17, 2026 08:33
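
A sketch of how an `allowed` array of the shape shown in the description could be applied to a voku AntiXSS instance, with the cleaned output compared before and after the relaxation. This is an added example, not the code from this pull request; `applyAllowed()`, the sample config and the sample inputs are hypothetical, and it assumes voku/anti-xss is installed through Composer.

```php
<?php
// Added illustration; not the code from this pull request.
// Assumes `composer require voku/anti-xss` and Composer's autoloader.
require __DIR__ . '/vendor/autoload.php';

use voku\helper\AntiXSS;

/**
 * Hypothetical helper: apply an `anti_xss.allowed` array (shape taken from
 * the PR description) to an AntiXSS instance. A null or empty entry leaves
 * the library's default deny list for that category untouched.
 */
function applyAllowed(AntiXSS $antiXss, array $allowed): AntiXSS
{
    $methods = ['attributes' => 'removeEvilAttributes', 'tags' => 'removeEvilHtmlTags'];
    foreach ($methods as $key => $method) {
        $names = $allowed[$key] ?? null;
        if ($names === null || $names === []) {
            continue; // nothing allowed for this category
        }
        if (!is_array($names)) {
            throw new InvalidArgumentException("allowed.$key must be an array or null");
        }
        foreach ($names as $name) {
            // Reject anything that is not a plain name, so a config typo fails loudly.
            if (!is_string($name) || $name === '') {
                throw new InvalidArgumentException("allowed.$key contains an invalid entry");
            }
        }
        $antiXss->{$method}(array_values($names));
    }
    return $antiXss;
}

// Constructed sample config and inputs.
$config = ['allowed' => ['attributes' => ['style'], 'tags' => null]];
$samples = [
    '<p style="color: red">notice</p>',
    // Second sample carries an attribute that is not on the allow list.
    '<p style="color: red" onclick="alert(1)">notice</p>',
];

$default = new AntiXSS();
$relaxed = applyAllowed(new AntiXSS(), $config['allowed']);
foreach ($samples as $html) {
    printf("input:   %s\ndefault: %s\nrelaxed: %s\n\n",
        $html, $default->xss_clean($html), $relaxed->xss_clean($html));
}
```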
Development

Successfully merging this pull request may close these issues.

Missing option to allow inline "style" property