- <h2>Allowed Tags:</h2>
- - <b>Allowed in sanitize-html</b>: h3, h4, h5, h6, blockquote, p, a, ul, ol, nl, li, b, i, strong, em, strike, code, hr, br, div, table, thead, caption, tbody, tr, th, td, pre
- - <b>Allowed in JLab</b>: {all from sanitize-html} + svg, h1, h2, img, span
- - <b>Allowed in google-caja</b> (marked as safe): a, abbr, acronym, address, area, article, aside, audio, b, bdi, bdo, big, blockquote, br, button, canvas, caption, center, cite, code, col, colgroup, command, data, datalist, dd, del, details, dfn, dir, div, dl, dt, em, fieldset, figcaption, figure, font, footer, form, h1, h2, h3, h4, h5, h6, header, hgroup, hr, i, iframe, img, input, ins, kbd, label, legend, li, map, mark, menu, meter, nav, nobr, ol, optgroup, option, output, p, pre, progress, q, s, samp, section, select, small, source, span, strike, strong, sub, summary, sup, table, tbody, td, textarea, tfoot, th, thead, time, tr, track, tt, u, ul, var, video, wbr
- - <b>Allowed in Jupyter Notebook</b>: {all from google-caja} (but it takes an argument that controls whether style tags are allowed)
- <hr />
- <h2>Allowed attributes:</h2>
- <pre>
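- // Generated using:
- //
- // Walks caja's html4.ATTRIBS table (keys look like "element::attribute", with
- // "*" meaning any element) and prints a one-line verdict per attribute based
- // on the attribute's declared type. Needs the `Jupyter` global, so it is
- // presumably meant to be pasted into the console of an open notebook page.
- //
- // NOTE(review): the verdict strings are hand-written summaries inside this
- // snippet, not values read from the sanitizer. The URI scheme list and the
- // "allow some" CSS handling in particular should be confirmed against the
- // URI/CSS policy the sanitizer is actually configured with.
- {
-   const html4 = Jupyter.security.caja.html4;
-   for (const key in html4.ATTRIBS) {
-     // Block-scoped on purpose: the earlier version assigned to an undeclared
-     // `atype`, which leaked a global into the page it was run on.
-     const attrType = html4.ATTRIBS[key];
-     switch (attrType) {
-       case html4.atype['NONE']: console.log(key, ": allowed"); break;
-       // Script-valued attributes (the on* event handlers) are never kept.
-       case html4.atype['SCRIPT']: console.log(key, ": no"); break;
-       case html4.atype['STYLE']: console.log(key, ": parse css and allow some"); break;
-       // Identifier- and name-like attribute types are all reported as allowed.
-       case html4.atype['ID']:
-       case html4.atype['IDREF']:
-       case html4.atype['IDREFS']:
-       case html4.atype['GLOBAL_NAME']:
-       case html4.atype['LOCAL_NAME']:
-       case html4.atype['CLASSES']: console.log(key, ": allowed"); break;
-       case html4.atype['URI']: console.log(key, ": Should be parseable and only schemes: http, https, geo, mailto, sms, tel"); break;
-       case html4.atype['URI_FRAGMENT']: console.log(key, ": Should start with hash"); break;
-       // Deny by default: any attribute type not listed above is reported as
-       // not allowed rather than assumed safe.
-       default: console.log(key, ": no"); break;
-     }
-   }
- }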
- </pre>
- *::class : allowed
- *::dir : allowed
- *::draggable : allowed
- *::hidden : allowed
- *::id : allowed
- *::inert : allowed
- *::itemprop : allowed
- *::itemref : allowed
- *::itemscope : allowed
- *::lang : allowed
- *::onblur : no
- *::onchange : no
- *::onclick : no
- *::ondblclick : no
- *::onerror : no
- *::onfocus : no
- *::onkeydown : no
- *::onkeypress : no
- *::onkeyup : no
- *::onload : no
- *::onmousedown : no
- *::onmousemove : no
- *::onmouseout : no
- *::onmouseover : no
- *::onmouseup : no
- *::onreset : no
- *::onscroll : no
- *::onselect : no
- *::onsubmit : no
- *::ontouchcancel : no
- *::ontouchend : no
- *::ontouchenter : no
- *::ontouchleave : no
- *::ontouchmove : no
- *::ontouchstart : no
- *::onunload : no
- *::spellcheck : allowed
- *::style : parse css and allow some
- *::title : allowed
- *::translate : allowed
- a::accesskey : allowed
- a::coords : allowed
- a::href : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- a::hreflang : allowed
- a::name : allowed
- a::onblur : no
- a::onfocus : no
- a::shape : allowed
- a::tabindex : allowed
- a::target : no
- a::type : allowed
- area::accesskey : allowed
- area::alt : allowed
- area::coords : allowed
- area::href : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- area::nohref : allowed
- area::onblur : no
- area::onfocus : no
- area::shape : allowed
- area::tabindex : allowed
- area::target : no
- audio::controls : allowed
- audio::loop : allowed
- audio::mediagroup : allowed
- audio::muted : allowed
- audio::preload : allowed
- audio::src : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- bdo::dir : allowed
- blockquote::cite : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- br::clear : allowed
- button::accesskey : allowed
- button::disabled : allowed
- button::name : allowed
- button::onblur : no
- button::onfocus : no
- button::tabindex : allowed
- button::type : allowed
- button::value : allowed
- canvas::height : allowed
- canvas::width : allowed
- caption::align : allowed
- col::align : allowed
- col::char : allowed
- col::charoff : allowed
- col::span : allowed
- col::valign : allowed
- col::width : allowed
- colgroup::align : allowed
- colgroup::char : allowed
- colgroup::charoff : allowed
- colgroup::span : allowed
- colgroup::valign : allowed
- colgroup::width : allowed
- command::checked : allowed
- command::command : allowed
- command::disabled : allowed
- command::icon : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- command::label : allowed
- command::radiogroup : allowed
- command::type : allowed
- data::value : allowed
- del::cite : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- del::datetime : allowed
- details::open : allowed
- dir::compact : allowed
- div::align : allowed
- dl::compact : allowed
- fieldset::disabled : allowed
- font::color : allowed
- font::face : allowed
- font::size : allowed
- form::accept : allowed
- form::action : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- form::autocomplete : allowed
- form::enctype : allowed
- form::method : allowed
- form::name : allowed
- form::novalidate : allowed
- form::onreset : no
- form::onsubmit : no
- form::target : no
- h1::align : allowed
- h2::align : allowed
- h3::align : allowed
- h4::align : allowed
- h5::align : allowed
- h6::align : allowed
- hr::align : allowed
- hr::noshade : allowed
- hr::size : allowed
- hr::width : allowed
- iframe::align : allowed
- iframe::frameborder : allowed
- iframe::height : allowed
- iframe::marginheight : allowed
- iframe::marginwidth : allowed
- iframe::width : allowed
- img::align : allowed
- img::alt : allowed
- img::border : allowed
- img::height : allowed
- img::hspace : allowed
- img::ismap : allowed
- img::name : allowed
- img::src : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- img::usemap : Should start with hash
- img::vspace : allowed
- img::width : allowed
- input::accept : allowed
- input::accesskey : allowed
- input::align : allowed
- input::alt : allowed
- input::autocomplete : allowed
- input::checked : allowed
- input::disabled : allowed
- input::inputmode : allowed
- input::ismap : allowed
- input::list : allowed
- input::max : allowed
- input::maxlength : allowed
- input::min : allowed
- input::multiple : allowed
- input::name : allowed
- input::onblur : no
- input::onchange : no
- input::onfocus : no
- input::onselect : no
- input::placeholder : allowed
- input::readonly : allowed
- input::required : allowed
- input::size : allowed
- input::src : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- input::step : allowed
- input::tabindex : allowed
- input::type : allowed
- input::usemap : Should start with hash
- input::value : allowed
- ins::cite : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- ins::datetime : allowed
- label::accesskey : allowed
- label::for : allowed
- label::onblur : no
- label::onfocus : no
- legend::accesskey : allowed
- legend::align : allowed
- li::type : allowed
- li::value : allowed
- map::name : allowed
- menu::compact : allowed
- menu::label : allowed
- menu::type : allowed
- meter::high : allowed
- meter::low : allowed
- meter::max : allowed
- meter::min : allowed
- meter::value : allowed
- ol::compact : allowed
- ol::reversed : allowed
- ol::start : allowed
- ol::type : allowed
- optgroup::disabled : allowed
- optgroup::label : allowed
- option::disabled : allowed
- option::label : allowed
- option::selected : allowed
- option::value : allowed
- output::for : allowed
- output::name : allowed
- p::align : allowed
- pre::width : allowed
- progress::max : allowed
- progress::min : allowed
- progress::value : allowed
- q::cite : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- select::autocomplete : allowed
- select::disabled : allowed
- select::multiple : allowed
- select::name : allowed
- select::onblur : no
- select::onchange : no
- select::onfocus : no
- select::required : allowed
- select::size : allowed
- select::tabindex : allowed
- source::type : allowed
- table::align : allowed
- table::bgcolor : allowed
- table::border : allowed
- table::cellpadding : allowed
- table::cellspacing : allowed
- table::frame : allowed
- table::rules : allowed
- table::summary : allowed
- table::width : allowed
- tbody::align : allowed
- tbody::char : allowed
- tbody::charoff : allowed
- tbody::valign : allowed
- td::abbr : allowed
- td::align : allowed
- td::axis : allowed
- td::bgcolor : allowed
- td::char : allowed
- td::charoff : allowed
- td::colspan : allowed
- td::headers : allowed
- td::height : allowed
- td::nowrap : allowed
- td::rowspan : allowed
- td::scope : allowed
- td::valign : allowed
- td::width : allowed
- textarea::accesskey : allowed
- textarea::autocomplete : allowed
- textarea::cols : allowed
- textarea::disabled : allowed
- textarea::inputmode : allowed
- textarea::name : allowed
- textarea::onblur : no
- textarea::onchange : no
- textarea::onfocus : no
- textarea::onselect : no
- textarea::placeholder : allowed
- textarea::readonly : allowed
- textarea::required : allowed
- textarea::rows : allowed
- textarea::tabindex : allowed
- textarea::wrap : allowed
- tfoot::align : allowed
- tfoot::char : allowed
- tfoot::charoff : allowed
- tfoot::valign : allowed
- th::abbr : allowed
- th::align : allowed
- th::axis : allowed
- th::bgcolor : allowed
- th::char : allowed
- th::charoff : allowed
- th::colspan : allowed
- th::headers : allowed
- th::height : allowed
- th::nowrap : allowed
- th::rowspan : allowed
- th::scope : allowed
- th::valign : allowed
- th::width : allowed
- thead::align : allowed
- thead::char : allowed
- thead::charoff : allowed
- thead::valign : allowed
- tr::align : allowed
- tr::bgcolor : allowed
- tr::char : allowed
- tr::charoff : allowed
- tr::valign : allowed
- track::default : allowed
- track::kind : allowed
- track::label : allowed
- track::srclang : allowed
- ul::compact : allowed
- ul::type : allowed
- video::controls : allowed
- video::height : allowed
- video::loop : allowed
- video::mediagroup : allowed
- video::muted : allowed
- video::poster : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- video::preload : allowed
- video::src : Should be parseable and only schemes: http, https, geo, mailto, sms, tel
- video::width : allowed
- style : no