Now in master: ES6 Modules + Text Rendering

Am I correct in thinking that app/assets/javascripts/pretty-text/white-lister.js.es6 is the replacement for the old app/assets/javascripts/defer/html-sanitizer-bundle.js?

There are discrepancies in what tags were apparently allowed through in html-sanitizer-bundle and what are listed as being allowed in white-lister.

Anything not flagged as UNSAFE (& 16) apparently was allowed. That list is a lot longer than the list in white-lister:

a // allowed in white-lister
abbr // EDIT: now allowed
acronym
address
article
aside // allowed in white-lister
b // allowed in white-lister
bdi
bdo
big
blockquote // allowed in white-lister
br // allowed in white-lister
caption
cite
code // allowed in white-lister
col
colgroup
data
dd // EDIT: now allowed
del // EDIT: now allowed
details
dfn
dir
div // allowed in white-lister
dl // EDIT: now allowed
dt // EDIT: now allowed
em // allowed in white-lister
figcaption
figure
h1 // allowed in white-lister
h2 // allowed in white-lister
h3 // allowed in white-lister
h4 // allowed in white-lister
h5 // allowed in white-lister
h6 // allowed in white-lister
header
hgroup
hr // allowed in white-lister
i // allowed in white-lister
iframe // allowed in white-lister
img // allowed in white-lister
ins // EDIT: now allowed
kbd // allowed in white-lister
label
legend
li // allowed in white-lister
meter
nav
nobr
ol // allowed in white-lister
p // allowed in white-lister
pre // allowed in white-lister
q
s // EDIT: now allowed
samp
section
small // allowed in white-lister
span // allowed in white-lister
strike // allowed in white-lister
strong // allowed in white-lister
sub // EDIT: now allowed
summary
sup // EDIT: now allowed
tfoot
time
track
tt
u
ul // allowed in white-lister
var
wbr

Now, I’ve never needed <wbr> <!-- WordBReak -->, but some of the others are certainly useful: underline, dictionary lists, abbr, etc. (Useful does not mean I have ever used them in Discourse, but I do use them in HTML I write.) Was it the intention to winnow the allowed tag list so thoroughly?

Edit July 26: corrected for @sam’s and @eviltrout’s changes.

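The comparison made in the post above, written out as an added example (not code from the post or from Discourse): it derives the set of tags a flag table lets through when only the UNSAFE bit (16) rejects a tag, then audits an explicit allowlist against it. The flag table, the `EMPTY` flag, the allowlist contents and the function names are constructed for illustration and do not reflect either real file.

```javascript
// Constructed sample data, not the contents of html-sanitizer-bundle.js.
const UNSAFE = 16;
const EMPTY = 2; // assumed second flag, to show that other bits do not affect the check

const sampleFlags = {
  a: 0, abbr: 0, br: EMPTY, u: 0, wbr: EMPTY, details: 0,
  script: UNSAFE, style: UNSAFE | EMPTY,
};

// Constructed allowlist, chosen so every audit bucket below is exercised.
const sampleAllowList = ['a', 'abbr', 'BR', 'script', 'mark'];

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Flag-table model: a tag passes unless its flags include the UNSAFE bit.
function allowedByFlags(flags) {
  return Object.keys(flags).filter((t) => (flags[t] & UNSAFE) === 0).sort();
}

// Compare the two models and report what the move to an allowlist changes.
function auditMigration(flags, allowList) {
  const allow = new Set(allowList.map((t) => t.toLowerCase()));
  const old = allowedByFlags(flags);
  return {
    // Passed before, rejected now: the functional regressions the post lists.
    dropped: old.filter((t) => !allow.has(t)),
    // Passed before and still passes.
    kept: old.filter((t) => allow.has(t)),
    // On the allowlist although the old table marked it UNSAFE: review first.
    flaggedUnsafe: [...allow]
      .filter((t) => has(flags, t) && (flags[t] & UNSAFE) !== 0).sort(),
    // On the allowlist but absent from the old table: no prior verdict exists.
    unknown: [...allow].filter((t) => !has(flags, t)).sort(),
  };
}

console.log(auditMigration(sampleFlags, sampleAllowList));
```

The `flaggedUnsafe` and `unknown` buckets are the ones to review before shipping an allowlist change, since they are tags the earlier model never let through.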