How to allow html5 data attribute for tags

[drnkwati]

Hay guys
I have two questions

1. How can we configure tags to allow for html5 data attributes on tags.
   I know we can specifically set them one by one but i need a way to allows for all attributes beginning with data-* (maybe a regex way of doing it exists).
2. Is there a ways to set a global attributes allowed on all tags.
   thanks

[tgalopin]

Hello @drnkwati !

1/ For now, this is not easily possible but this is a good idea and would be worth having a look at :) . If you have time and will, don't hesitate to try, otherwise I'll have a look :) .

2/ Not really either, but this could be quite dangerous. Would allowing only data tags globally work for you? I would be okay do this.

[drnkwati]

For Q2. I don't think it will be dangerous to allow option for setting global attributes.
For example instead of doing this:
/* * Configuration for specific tags. */ 'tags' => [ 'abbr' => [ 'allowed_attributes' => ['class'], ], 'details' => [ 'allowed_attributes' => ['class'], ], 'div' => [ 'allowed_attributes' => ['class'], ],

We could do something like this:
/* * Configuration for all tags. */ 'allowed_attributes' => ['class'], /* * Configuration for specific tags. */ 'tags' => [ 'details' => [ 'allowed_attributes' => ['open'], ],

Is just shorter and reduces the amount of code to write if we need just a few configs

[tgalopin]

Hello @drnkwati !

If you have time to create a PR allowing all data-* attributes, I would be happy giving you a hand :) !

[fbastien]

Hello @tgalopin, regarding the idea of globally allowed attributes (which would be very convenient for common attributes such as class), do you have any example of an attribute that would be safe on some tags but dangerous on others? I may be wrong but I feel like it's rather attribute functionality itself (regardless the tag) that may be risky/undesirable depending on the context instead of its combination with a particular tag. API users would still be equally responsible for their choice to allow an attribute globally, but once they evaluated an attribute to be safe, I don't think they can be mistaken by allowing that attribute globally if they want to. Feel free to provide a counter-example if I'm wrong.