feat(html_utils): introduce wildcard in sanitize_html

Introduces a wildcard i.e. Disallows all HTML tags when used.
2026-04-13 17:28:57 +05:30 · 2026-04-13 17:28:57 +05:30 · c3d8214124
commit c3d8214124
parent 2ac1998000
1 changed files with 4 additions and 1 deletions
--- a/frappe/utils/html_utils.py
+++ b/frappe/utils/html_utils.py
@ -170,7 +170,10 @@ def sanitize_html(html, linkify=False, always_sanitize=False, disallowed_tags=No

 	# Allow caller to explicitly disallow some tags
 	if disallowed_tags:
-		tags.difference_update(disallowed_tags)
+		if disallowed_tags == "*":
+			tags = set()
+		else:
+			tags.difference_update(disallowed_tags)

 	attributes = {"*": acceptable_attributes, "svg": svg_attributes}