HTML sanitize (dont working)

Solved Technical Support
  • Hello. i need help for this plugin (HTML sanitize)

    I need half of codes from

    Example --

    • Emphasis classes (typography)
    • Tables (to support <table class=""> ) and tr / td too
    • Labels
    • Buttons
    • Navs (Tabs need)
    • Progress bars

    Who can help me?

    My settings is -

    Allowed tags - [ "h1", "h2", "h3", "h4", "h5", "h6", "blockquote", "p", "a", "ul", "ol", "nl", "li", "b", "img", "i", "strong", "em", "strike", "code", "hr", "br", "div", "table", "thead", "caption", "tbody", "tr", "th", "td", "pre", "summary", "details", "iframe", "button" ]

    AllowedAttributes - {"a": [ "href", "name", "target" ], "img": ["data-*", "src", "class", "alt", "title"], "iframe": ["src"], "div": ["class"], "button": ["type", "class" ] "table": ["class"], "tr": ["class", "bgcolor"], "td": ["class", "bgcolor" }

    Self closing tag is - [ "img", "br", "hr", "area", "base","basefont", "input", "link", "meta" ]

    What i supposed to do?

    I made this workin (Alerts)

    <div class="alert alert-dismissible alert-warning">
    <button type="button" class="close" data-dismiss="alert">×</button>
    <p>Best check yo self, you're not looking too good. Nulla vitae elit libero, a pharetra augue. Praesent commodo cursus magna, <a href="#" class="alert-link">vel scelerisque nisl consectetur et</a>.</p>

    And made panels workin too.

    But i cant make other things to work too.. without sanitize workin all.. but i need to block "bad tags"
    Who can help me with this?

    Which tags / attributes i need to enter to see working html tags from that i listed?

    EDITED -
    Alerts and panels WORKED when i dont added "table": ["class"], "tr": ["class", "bgcolor"], "td": ["class", "bgcolor" }

  • See how with sanitize

    and without..

    What i need to do?

    @psychobunny , @julian , @Global-Moderators .

    I need this so much)

  • Do not ping people or groups or of the blue like that. Especially within hours of your original post, that's unacceptable.

  • @PitaJ sorry. i dont know that it is bad.

    I dont sleep 2 day)) must find a way how to fix it..

  • If you have copied the rules 1:1, I might have an Idea: there ist a "," missing!

    Here: ..."button": ["type", "class" ], "table": ["class"], ...

    Give a try!

  • @frgilb Thank you so much.. i am so stupid) dont seen it.
    Already workin)

Suggested Topics

  • 0 Votes
    1 Posts

    I noticed that custom pages no longer work. I see the following records in the error logs. I uninstalled and reinstalled the nodebb-custom-pages plugin. I've done several reboots and builds but it didn't work. Why might the problem be caused?
    my NodeBB version: 2.2.5
    custom pages version: 1.3.3

    2022-07-25T11:06:33.959Z [4567/1887] - error: GET /iletisim Error: Failed to lookup view "iletisim" in views directory "/home/nodes/nodebb/build/public/templates" at Function.render (/home/nodes/nodebb/node_modules/express/lib/application.js:597:17) at ServerResponse.render (/home/nodes/nodebb/node_modules/express/lib/response.js:1039:7) at /home/nodes/nodebb/src/middleware/render.js:107:11 at new Promise (<anonymous>) at renderContent (/home/nodes/nodebb/src/middleware/render.js:106:10) at renderMethod (/home/nodes/nodebb/src/middleware/render.js:75:15) at async ServerResponse.renderOverride [as render] (/home/nodes/nodebb/src/middleware/render.js:96:5)
  • 1 Votes
    3 Posts

    @PitaJ thank you! will give this a try 👍

  • 1 Votes
    4 Posts

    @julian said in Google Recaptcha v3 not working:

    As far as I know ReCAPTCHA v3 should be working, I'll let @bentael know if there's been a change.

    Fine, thanks.

    @oplik0 said in Google Recaptcha v3 not working:

    v3 is not just "a better reCAPTCHA" and it is not replacing v2.

    v3 only offers "invisible" reCAPTCHA, but even if Spam Be Gone supported that (it doesn't yet) it still wouldn't work because it passes different data.
    reCAPTCHA v2 is binary - either user is a robot or not.
    v3 doesn't just pass "true||false" but instead passes a score from 0.0 to 1.0 and it's up to the application to determine what score is a success. It also never shows user a challenge as it's not supposed to interrupt the user in any way.

    So to sum it up: for Spam Be Gone to support v3 would mean changing the way it handles reCAPTCHA and I'm not even sure if it's a good idea. v3 is supposed to continuously chceck if user is a bot without interruptions, so it's best used for frequent user actions like posting or login, not for things like registration that happen once per user and it's not a big deal if it interrupts user with a challenge. So I'd say it'd be better for Spam Be Gone to extend its functionally to use v3 on login and posting, and leave v2 on the registration page.

    That convinced me 🙂 Thanks a lot.
    Unfortunately I'm not a developer and do not know how to develop a plugin, but I'll highly appreciate if it's developed by anyone (NodeBB team or another mate).

  • 0 Votes
    4 Posts

    @codecowboy Redactor comes with it's own html sanitiser, so it is not as dangerous.

    If you find any holes, let @drew know!

  • 0 Votes
    6 Posts


    thanks again, your previous advice resolved the issue, I updated Nodebb which reverted to the previous version of WE (0.2.18), I'm going to leave it as it is, really don't like messing around with the back end stuff, I'm still a noob.

    many thanks appreciate your help 😄

    Best, Lee