stripTags strips things that aren't tags #469
Conversation
paulfalgout
force-pushed
the
patch-2
branch
2 times, most recently
from
d0bb9bb to
8ef5989
Compare
|
Thanks for pointing us to this issue. Do you want to fix this bug? |
|
@stoeffel Regex isn't really my thing, so this heavily borrows from |
|
Funny enough FWIW #266 is also heavily borrowing from the same source and would also solve this problem, but adds the ability to allow certain tags (why the author renamed allow to ignore, I'm not sure) |
|
@stoeffel any chance to get this one merged? This issue is kind of severe :/ |
|
will review it tomorrow. sorry for the delay. we will be faster with our
|
|
Nice! Thank you for your work. |
|
I tried this with some additional tests and the last one fails. equal(stripTags('<h1 id="foo" data-foo="bar">hello world</body></h1>'), 'hello world');
equal(stripTags('<web-component>hello world</web-component>'), 'hello world');
equal(stripTags('<ReactComponent.Title>hello world</ReactComponent.Title>'), 'hello world');
equal(stripTags('I have <I want, but that is > nothing'), 'I have <I want, but that is > nothing'); 78 passing (32ms)
1 failing
1) #stripTags:
AssertionError: 'I have nothing' == 'I have <I want, but that is > nothing'
+ expected - actual
- I have nothing
+ I have <I want, but that is > nothing
at Context.<anonymous> (tests/stripTags.js:13:3)
|
|
I'm afraid this is the closest strip tags can be done with regex. True strip tags can only be done with parser. |
|
Yes, you are right. It only looks strange 😸 |
|
Could you include a test for comments and maybe some tests like I described above? Otherwise this looks good. Thanks for the PR. |
Can you clarify this? |
|
I mean a test for
|
|
Ok good deal. I'll see about getting to this shortly |
|
nice. thanks
|
Regex borrowed and modified from: https://github.com/kvz/phpjs/blob/master/functions/strings/strip_tags.js
|
The more I think about this, the more I think we should consider deprecating striptags (like we did with sprintf). I think the problem stripTags is trying to solve is too big for _.str and a module like https://www.npmjs.com/package/striptags does a much better job. What are your thoughts? |
|
I'm good with that. My biggest beef with this function is that I assumed a little too much that it would work, but it was aggressively stripping things that were valid inputs from users. This implementation is better but I've gone in another direction myself as I can't have either a false sense of security or false positives. Probably for something as sensitive as this functionality it should come from a library that is very focused on the task. |
|
Ho did not know about this lib. Good idea. About sprintf & striptags, why deprecated it? I mean, I consider underscore.string like the Swiss army knife when it comes to deal with Strings and I like having all those features in one place, even if that means some features are just symbolic links to another library. I trust underscore.string enough to let it choose for me the best library for the job under the hood. |
Having dependencies means more maintenance. We would have to deal with issues for 3rd party libraries that aren't under _.str control. We would have to document the functionality of these modules, which is overhead and can lead to misleading documentation. |
|
Make sense. Thank you. |
|
@epeli do you agree with deprecating stripTags? |
No description provided.