diff options
| author | Patrick H. Lauke <[email protected]> | 2020-06-19 09:31:37 +0100 |
|---|---|---|
| committer | GitHub <[email protected]> | 2020-06-19 11:31:37 +0300 |
| commit | edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd (patch) | |
| tree | a1e408cd3c48309c49fc06d7dbb52d96ae02fae0 /site/content/docs/5.0/getting-started/javascript.md | |
| parent | 7acf586d3efa9b2bad6a93d81c7cdc3560de6cdf (diff) | |
| download | bootstrap-edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd.tar.xz bootstrap-edbcc401c28e539ecdcf3c49c7ef2a74d0c28ebd.zip | |
Change whitelist to allowlist (#31066)
Co-authored-by: XhmikosR <[email protected]>
Co-authored-by: Mark Otto <[email protected]>
Diffstat (limited to 'site/content/docs/5.0/getting-started/javascript.md')
| -rw-r--r-- | site/content/docs/5.0/getting-started/javascript.md | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/site/content/docs/5.0/getting-started/javascript.md b/site/content/docs/5.0/getting-started/javascript.md index 3c5eecf36..38b226623 100644 --- a/site/content/docs/5.0/getting-started/javascript.md +++ b/site/content/docs/5.0/getting-started/javascript.md @@ -161,11 +161,11 @@ Bootstrap's plugins don't fall back particularly gracefully when JavaScript is d Tooltips and Popovers use our built-in sanitizer to sanitize options which accept HTML. -The default `whiteList` value is the following: +The default `allowList` value is the following: {{< highlight js >}} var ARIA_ATTRIBUTE_PATTERN = /^aria-[\w-]*$/i -var DefaultWhitelist = { +var DefaultAllowlist = { // Global attributes allowed on any supplied element below. '*': ['class', 'dir', 'id', 'lang', 'role', ARIA_ATTRIBUTE_PATTERN], a: ['target', 'href', 'title', 'rel'], @@ -200,21 +200,21 @@ var DefaultWhitelist = { } {{< /highlight >}} -If you want to add new values to this default `whiteList` you can do the following: +If you want to add new values to this default `allowList` you can do the following: {{< highlight js >}} -var myDefaultWhiteList = bootstrap.Tooltip.Default.whiteList +var myDefaultAllowList = bootstrap.Tooltip.Default.allowList // To allow table elements -myDefaultWhiteList.table = [] +myDefaultAllowList.table = [] // To allow td elements and data-option attributes on td elements -myDefaultWhiteList.td = ['data-option'] +myDefaultAllowList.td = ['data-option'] // You can push your custom regex to validate your attributes. // Be careful about your regular expressions being too lax var myCustomRegex = /^data-my-app-[\w-]+/ -myDefaultWhiteList['*'].push(myCustomRegex) +myDefaultAllowList['*'].push(myCustomRegex) {{< /highlight >}} If you want to bypass our sanitizer because you prefer to use a dedicated library, for example [DOMPurify](https://www.npmjs.com/package/dompurify), you should do the following: |