Skip to main content

damascene_html/
options.rs

1//! Output-changing options for the HTML transformer.
2
3/// Optional knobs for [`crate::html_with_options`].
4///
5/// The default is "trusted-scrap" — no extra sanitization beyond the
6/// hardcoded baseline that always strips `<script>`, `<iframe>`,
7/// `<object>`, `<embed>`, `<noscript>`, every `on*` attribute, and
8/// every `javascript:` / `vbscript:` / `data:text/html` URL.
9#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
10pub struct HtmlOptions {
11    /// When `true`, treat input as untrusted: also drop `<style>`
12    /// blocks and any inline `style=""` attributes, unparsed. Each
13    /// drop is recorded as a [`crate::FindingKind::SanitizedStyle`]
14    /// finding. Default `false`.
15    pub sanitize_styles: bool,
16}
17
18impl HtmlOptions {
19    pub fn sanitize_styles(mut self, enabled: bool) -> Self {
20        self.sanitize_styles = enabled;
21        self
22    }
23}