In a given scenario where users of an application can create note-content in Quill, what tags and attributes should be whitelisted in a policy file? I am using OWASP AntiSamy for sanitization.
I am not very familiar with JS or HTML and therefore unsure of what tags to whitelist.
I have included a list of some tags and attributes, but I am not sure if I am missing anything:
<tag name="b" action="validate"/>
<tag name="i" action="validate"/>
<tag name="u" action="validate"/>
<tag name="em" action="validate"/>
<tag name="mark" action="validate"/>
<tag name="strong" action="validate"/>
<tag name="p" action="validate"/>
<tag name="br" action="validate"/>
<tag name="ul" action="validate"/>
<tag name="ol" action="validate"/>
<tag name="li" action="validate"/>
<tag name="a" action="validate">
    <attribute name="href" action="validate">
        <regexp-list>
            <regexp value="^https?://.*"/>
            <!-- other safe links -->
        </regexp-list>
    </attribute>
    <attribute name="title" onInvalid="remove"/>
    <attribute name="target" onInvalid="remove"/>
</tag>
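
One way to find what the list is missing, as an added example that is not part of the original question: the script below parses the posted `<tag>` rules and reports every tag, attribute and `href` value in a sample document that they do not cover. The sample HTML is constructed in the style of Quill output, and whole-value regexp matching is an assumption about how the policy is applied; this is a coverage check, not a reimplementation of AntiSamy.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# The question's rules wrapped in a root element; action/onInvalid omitted (only names and regexps matter here).
POLICY_XML = """<tag-rules>
<tag name="b"/><tag name="i"/><tag name="u"/><tag name="em"/><tag name="mark"/><tag name="strong"/>
<tag name="p"/><tag name="br"/><tag name="ul"/><tag name="ol"/><tag name="li"/>
<tag name="a">
  <attribute name="href"><regexp-list><regexp value="^https?://.*"/></regexp-list></attribute>
  <attribute name="title"/><attribute name="target"/>
</tag></tag-rules>"""

# Constructed sample in the style of Quill output (headings, colour spans, indents, links).
SAMPLE_HTML = (
    '<h2>Notes</h2><p><strong>Bold</strong> <span style="color: rgb(230, 0, 0);">red</span></p>'
    '<ol><li class="ql-indent-1">nested</li></ol>'
    '<p><a href="https://example.com/" rel="noopener noreferrer" target="_blank">site</a> '
    '<a href="mailto:user@example.com" target="_blank">mail</a></p>'
)

def load_policy(xml_text):
    """Return {tag: {attribute: [compiled regexps]}} from AntiSamy-style <tag> rules."""
    policy = {}
    for tag in ET.fromstring(xml_text).iter("tag"):
        policy[tag.get("name")] = {a.get("name"): [re.compile(r.get("value")) for r in a.iter("regexp")]
                                   for a in tag.findall("attribute")}
    return policy

class CoverageAudit(HTMLParser):
    """Collects tags and attributes of the parsed HTML that the policy has no rule for."""
    def __init__(self, policy):
        super().__init__()
        self.policy, self.findings = policy, set()

    def handle_starttag(self, tag, attrs):
        if tag not in self.policy:
            self.findings.add(f"<{tag}> has no rule")
            return
        for name, value in attrs:
            patterns = self.policy[tag].get(name)
            if patterns is None:
                self.findings.add(f"<{tag} {name}> has no rule")
            elif patterns and not any(p.fullmatch(value or "") for p in patterns):
                self.findings.add(f"<{tag} {name}={value!r}> fails its regexp")

def audit(policy_xml, html):
    parser = CoverageAudit(load_policy(policy_xml))
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)
```

Feeding it HTML saved from the real editor with every toolbar option exercised gives the list of rules to decide on; attributes listed without an inline regexp (`title`, `target`) are only checked by name here.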