Description
PLEASE NOTE: make sure the bug exists in the latest patch level of the project. For instance, if you are running a 2.x version of Apostrophe, you should use the latest in that major version to confirm the bug.
To Reproduce
Step by step instructions to reproduce the behavior:
- Install the version 2.17.0
- Write a program with this script

```js
const sanitizeHtml = require('sanitize-html');

// The input is an unterminated tag: '<' followed by text, with no closing '>'.
const res = sanitizeHtml('<hello', {
  allowedAttributes: {
    ...sanitizeHtml.defaults.allowedAttributes,
    span: ['data-userid'],
    '*': ['class']
  },
  disallowedTagsMode: 'recursiveEscape',
  preserveEscapedAttributes: true
});
console.log(`Result: "${res}"`);
// Result: ""
```

- See the issue
Expected behavior
A clear and concise description of what you expected to happen.
The console log should return `<hello` since it isn't a valid html tag.
Describe the bug
A clear and concise description of what the bug is.
Any text starting with `<` is completely removed from the final output in escape mode.
In addition, text like `<hello you>` is returned as `<hello you="">` instead of just being escaped.
Details
Version of Node.js: 20.17.0
PLEASE NOTE: Only stable LTS versions (10.x and 12.x) are fully supported but we will do our best with newer versions.
Server Operating System:
The server (which might be your dev laptop) on which Apostrophe is running. Linux? MacOS X? Windows? Is Docker involved?
Additional context:
Add any other context about the problem here. If the problem is specific to a browser, OS or mobile device, specify which.
Screenshots
If applicable, add screenshots to help explain your problem.
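
A possible stop-gap for the first case in this report, as an added example that is not part of the original issue or of sanitize-html: rewrite any `<` that never reaches a closing `>` as `&lt;` before the text is handed to the sanitizer, so it survives as text instead of being dropped. The helper names are hypothetical, raw-text elements such as `script` and `style` are assumed not to be allowed, and the `<hello you>` case is left to the sanitizer.

```javascript
// Added example: escapeUnterminatedTags and findTagEnd are hypothetical helpers,
// not part of sanitize-html.

// Index of the '>' that closes the tag being scanned, or -1 when the input
// ends or another '<' appears first. Quoted attribute values are skipped.
function findTagEnd(input, start) {
  let quote = null;
  for (let j = start; j < input.length; j += 1) {
    const c = input[j];
    if (quote) {
      if (c === quote) quote = null;
    } else if (c === '"' || c === "'") {
      quote = c;
    } else if (c === '>') {
      return j;
    } else if (c === '<') {
      return -1;
    }
  }
  return -1;
}

// Rewrite every '<' that cannot start a complete tag or comment as '&lt;'.
function escapeUnterminatedTags(input) {
  let out = '';
  let i = 0;
  while (i < input.length) {
    let end = -1;
    if (input.startsWith('<!--', i)) {
      const close = input.indexOf('-->', i + 4);
      if (close !== -1) end = close + 2;
    } else if (/^<[A-Za-z/!?]/.test(input.slice(i, i + 2))) {
      end = findTagEnd(input, i + 2);
    }
    if (end !== -1) {
      out += input.slice(i, end + 1); // complete tag or comment: leave it for the sanitizer
      i = end + 1;
    } else {
      out += input[i] === '<' ? '&lt;' : input[i];
      i += 1;
    }
  }
  return out;
}

// Constructed samples, including the two inputs from the report.
for (const s of ['<hello', '<hello you>', '<b>ok</b> and <hello', '1 < 2']) {
  console.log(JSON.stringify(s), '->', JSON.stringify(escapeUnterminatedTags(s)));
}
```

The output of `escapeUnterminatedTags` is still untrusted and must go through the sanitizer; the helper only turns would-be tag starts into text, it never adds markup.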