Skip to content

Commit 44604cf

Browse files
authored
fix: allow 'expanded' attribute in Purifier (#40501)
* fix: allow 'expanded' attribute in Purifier Allow 'expanded' to be preserved during HTML sanitization. This is needed for amp-accordion (and Bento accordion) when rendered inside templates like amp-mustache, where state attributes on standard tags (like <section>) were being stripped. Includes test case for standard elements. * fix: allow 'expanded' attribute in Purifier Allow 'expanded' to be preserved during HTML sanitization. This is needed for amp-accordion (and Bento accordion) when rendered inside templates like amp-mustache, where state attributes on standard tags (like <section>) were being stripped. Includes test case for standard elements. * remove conflict markers * remove the allowlisting to change the test * add back allowlist
1 parent feb6c2e commit 44604cf

File tree

2 files changed

+7
-0
lines changed

2 files changed

+7
-0
lines changed

src/purifier/sanitation.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -235,6 +235,7 @@ export const ALLOWLISTED_ATTRS = [
235235
'max-font-size',
236236
'on',
237237
'option',
238+
'expanded',
238239
'placeholder',
239240
// Attributes related to amp-form.
240241
'submitting',

test/unit/test-purifier.js

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -193,6 +193,12 @@ describes.sandboxed('DOMPurify-based', {}, (env) => {
193193
expect(rewriteAttributeValueSpy.callCount).to.be.equal(1);
194194
});
195195

196+
it('should output "expanded" attribute', () => {
197+
expect(purify('<section expanded>Header</section>')).to.equal(
198+
'<section expanded="">Header</section>'
199+
);
200+
});
201+
196202
it('should default target to _top with href', () => {
197203
// Can't use string equality since DOMPurify will reorder attributes.
198204
const actual = serialize(

0 commit comments

Comments
 (0)