diff --git a/docs/_includes/js/overview.html b/docs/_includes/js/overview.html index b8a10cf80d..911b59098d 100644 --- a/docs/_includes/js/overview.html +++ b/docs/_includes/js/overview.html @@ -70,6 +70,81 @@ $('#myModal').on('show.bs.modal', function (e) { }) {% endhighlight %} +
Tooltips and Popovers use our built-in sanitizer to sanitize options which accept HTML.
+The default whiteList
value is the following:
If you want to add new values to this default whiteList
you can do the following:
If you want to bypass our sanitizer because you prefer to use a dedicated library, for example DOMPurify, you should do the following:
+ +{% highlight js %} +$('#yourTooltip').tooltip({ + sanitizeFn: function (content) { + return DOMPurify.sanitize(content) + } +}) +{% endhighlight %} + +document.implementation.createHTMLDocument
In case of browsers that don't support document.implementation.createHTMLDocument
, like Internet Explorer 8, the built-in sanitize function returns the HTML as is.
If you want to perform sanitization in this case, please specify sanitizeFn
and use an external library like DOMPurify.
The version of each of Bootstrap's jQuery plugins can be accessed via the VERSION
property of the plugin's constructor. For example, for the tooltip plugin:
Options can be passed via data attributes or JavaScript. For data attributes, append the option name to data-
, as in data-animation=""
.
Note that for security reasons the sanitize
, sanitizeFn
and whiteList
options cannot be supplied using data attributes.
sanitize | +boolean | +true | +Enable or disable the sanitization. If activated 'template' , 'content' and 'title' options will be sanitized. |
+
whiteList | +object | +Default value | +Object which contains allowed attributes and tags | +
sanitizeFn | +null | function | +null | +Here you can supply your own sanitize function. This can be useful if you prefer to use a dedicated library to perform sanitization. | +
Options can be passed via data attributes or JavaScript. For data attributes, append the option name to data-
, as in data-animation=""
.
Note that for security reasons the sanitize
, sanitizeFn
and whiteList
options cannot be supplied using data attributes.
sanitize | +boolean | +true | +Enable or disable the sanitization. If activated 'template' , 'content' and 'title' options will be sanitized. |
+
whiteList | +object | +Default value | +Object which contains allowed attributes and tags | +
sanitizeFn | +null | function | +null | +Here you can supply your own sanitize function. This can be useful if you prefer to use a dedicated library to perform sanitization. | +