You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -488,6 +488,16 @@ Note that if you use this option you are responsible for stating the entire list
The content still gets escaped properly, with the exception of the `script` and `style` tags. *Allowing either `script` or `style` leaves you open to XSSattacks. Don't do that* unless you have good reason to trust their origin.
### Escaping the content of a disallowed tag
Instead of discarding, or keeping text only, you may enable escaping of the entire content:
```javascript
escapeDisallowedTags: true
```
This will transform `<disallowed>content</disallowed>` to `<disallowed>content</disallowed>`
## About P'unk Avenue and Apostrophe
`sanitize-html` was created at [P'unk Avenue](http://punkave.com) for use in ApostropheCMS, an open-source content management system built on node.js. If you like `sanitize-html` you should definitely [check out apostrophecms.org](http://apostrophecms.org).
