Sanitizer: allowAttribute() method

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The allowAttribute() method of the Sanitizer interface sets an attribute to be allowed on all elements.

The specified attribute is added to the list of attributes in this sanitizer's configuration. The attribute is removed from the removeAttributes list if present.

Note that to allow/disallow attributes only on specific elements use Sanitizer.allowElement().

Syntax

js
allowAttribute(attribute)

Parameters

attribute

A string indicating the name of the attribute to be allowed globally on elements, or an object with the following properties:

name

A string containing the name of the attribute.

namespace Optional

A string containing the namespace of the attribute, which defaults to null.

Returns

None (undefined).

Examples

How to allow specific attributes on elements

This example shows how allowAttribute() is used to specify that an attribute is allowed on elements.

JavaScript

The code first creates a new Sanitizer object that initially allows no attributes. We then call allowAttribute() with the attributes title and mathcolor.

js
// Create an allow sanitizer
const sanitizer = new Sanitizer({
  attributes: [],
});

// Allow the "title" attribute
sanitizer.allowAttribute("title");
// Allow the "mathcolor" attribute
sanitizer.allowAttribute("mathcolor");

// Log the sanitizer configuration
let sanitizerConfig = sanitizer.get();
log(JSON.stringify(sanitizerConfig, null, 2));

Results

The final configuration is logged below. Note how both attributes are now added to the attributes list (other attributes will not be allowed on elements when the sanitizer is used).

Specifications

Specification
HTML Sanitizer API
# dom-sanitizer-allowattribute

Browser compatibility