From c3d8214124b3dea0a216d76a1652c9dbb3c410a5 Mon Sep 17 00:00:00 2001
From: AarDG10 <aarol.dsouza@gmail.com>
Date: Mon, 13 Apr 2026 17:28:57 +0530
Subject: [PATCH] feat(html_utils): introduce wildcard in sanitize_html

Introduces a wildcard i.e. Disallows all HTML tags when used.
---
 frappe/utils/html_utils.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/frappe/utils/html_utils.py b/frappe/utils/html_utils.py
index c0ca52e147..dc26029d82 100644
--- a/frappe/utils/html_utils.py
+++ b/frappe/utils/html_utils.py
@@ -170,7 +170,10 @@ def sanitize_html(html, linkify=False, always_sanitize=False, disallowed_tags=No
 
 	# Allow caller to explicitly disallow some tags
 	if disallowed_tags:
-		tags.difference_update(disallowed_tags)
+		if disallowed_tags == "*":
+			tags = set()
+		else:
+			tags.difference_update(disallowed_tags)
 
 	attributes = {"*": acceptable_attributes, "svg": svg_attributes}