I am dynamically updating tabs with content using goog.dom.safeHtmlToNode
since the newer release of the google closure library removed the dom fragment method: goog.dom.htmlToDocumentFragment(htmlString).
The sanitizer removes my "id=xyz" from the dom elements. For example:
'<input type="email" id="openid" name="openid" size="20" style="font-size: 18px" />'
becomes
'<input type="email" size="20" style="font-size: 18px;" />'
I was using the id to get the content the user input from these elements. How do I tell the sanitizer to NOT remove these attributes? I have tried the following code without success:
var sanitizer =
new goog.html.sanitizer.HtmlSanitizer.Builder()
.withCustomNetworkRequestUrlPolicy(goog.html.SafeUrl.sanitize)
.allowCssStyles()
.allowFormTag()
.addOriginalTagNames()
.allowDataAttributes([ "data-id","data-name" ]) //data-* attributes are inert as per HTML5 specs
.build();
goog.dom.safeHtmlToNode( sanitizer.sanitize (htmlString) );
I have also tried renaming my "id" to "data-id", the string is still removed from the sanitized output.
Thank you in advance for your help on this matter.
This changes the token policy to allow all instead of allowing none. The token policy is used for the ID and CLASS attributes, so this should allow you to keep your ID attribute.
.withCustomTokenPolicy(goog.functions.identity)