A vibe coded tangled fork which supports pijul.
appview/pages: allow picture and source elements in sanitizer
The HTML sanitizer was stripping <picture> and <source> elements from
rendered markdown, preventing modern image format usage (e.g. AVIF with
fallbacks). Allow these elements and their relevant attributes (srcset,
type, media).
Signed-off-by: Niclas Overby <niclas@overby.me>
authored by
Niclas Overby
and committed by
tangled.org
5c8794ba
9325b4fd
+4
+4
appview/pages/markup/sanitizer.go
+4
appview/pages/markup/sanitizer.go
···
71
71
"dl", "dt", "dd", "kbd", "q", "samp", "var", "hr", "ruby", "rt", "rp", "li", "tr", "td", "th", "s", "strike", "summary",
72
72
"details", "caption", "figure", "figcaption",
73
73
"abbr", "bdo", "cite", "dfn", "mark", "small", "span", "time", "video", "wbr",
74
+
"picture", "source",
74
75
}
75
76
76
77
policy.AllowAttrs(generalSafeAttrs...).OnElements(generalSafeElements...)
77
78
78
79
// video
79
80
policy.AllowAttrs("src", "autoplay", "controls").OnElements("video")
81
+
82
+
// picture/source for modern image formats (avif, webp, etc.)
83
+
policy.AllowAttrs("srcset", "type", "media").OnElements("source")
80
84
81
85
// checkboxes
82
86
policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")