html_sanitize_style_property
The `html_sanitize_style_property` directive specifies which CSS style properties are allowed when sanitizing HTML content in NGINX.
Description
The html_sanitize_style_property directive is part of the NGINX module designed to sanitize HTML content, providing an extra layer of security by whitelisting elements, attributes, and CSS properties. This directive allows administrators to specify one or more CSS style properties that are permissible, thus preventing the use of potentially harmful or unwanted styles in outgoing HTML. Each specified style property will be retained during the sanitization process if it is included in the allowed list.
The directive accepts one or more arguments, so several CSS properties can be allowed in a single statement. The specified property names must match standard CSS property names exactly, because this is strictly validated during sanitization. This directive is typically used within the location context of an NGINX configuration, so that sanitization rules can be set for specific request locations.
Config Example
location /sanitize {
    html_sanitize_style_property color;
    html_sanitize_style_property background-color;
}
Ensure proper spelling of CSS properties, as incorrect names will result in them being ignored.
Using this directive without specifying any properties may lead to all styles being removed by default, depending on other configurations.
Overly permissive styles can introduce security vulnerabilities if not properly managed.
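Because a misspelled property name is ignored rather than reported, a configuration check before deployment is useful. The following is an added example, not part of the module: `lint_style_properties` and `KNOWN_CSS_PROPERTIES` are hypothetical names, the property set is a small sample to be replaced with a full list, the sample configuration is constructed, and exact case-sensitive matching is an assumption about how the module compares names.

```python
import difflib
import re

# Assumption: a small sample of standard CSS property names; load a full
# list for real use.
KNOWN_CSS_PROPERTIES = {
    "color", "background-color", "font-size", "font-weight", "font-family",
    "text-align", "text-decoration", "margin", "padding", "border",
    "width", "height", "line-height",
}

# One directive statement: name, one or more arguments, terminating ';'.
# Lines that start with '#' (comments) do not match.
DIRECTIVE = re.compile(
    r"^\s*html_sanitize_style_property\s+([^;#]*);", re.MULTILINE
)

# Constructed sample configuration with two misspelled property names.
SAMPLE_CONFIG = """\
location /sanitize {
    html_sanitize_style_property color background-color;
    html_sanitize_style_property backgroud-color;
    html_sanitize_style_property colour;
}
"""


def lint_style_properties(config_text):
    """Return (allowed, problems) for html_sanitize_style_property directives.

    allowed  -- recognised property names, in configuration order
    problems -- (line number, name as written, closest known name or None)
    """
    allowed, problems = [], []
    for match in DIRECTIVE.finditer(config_text):
        line_no = config_text.count("\n", 0, match.start(1)) + 1
        for name in match.group(1).split():
            if name in KNOWN_CSS_PROPERTIES:
                allowed.append(name)
                continue
            hint = difflib.get_close_matches(name.lower(), KNOWN_CSS_PROPERTIES, n=1)
            problems.append((line_no, name, hint[0] if hint else None))
    return allowed, problems


if __name__ == "__main__":
    ok, bad = lint_style_properties(SAMPLE_CONFIG)
    print("allowed:", ok)
    for line_no, name, hint in bad:
        print(f"line {line_no}: unknown property {name!r}, did you mean {hint!r}?")
```

An empty `allowed` list for a location that sanitizes HTML is also worth reviewing, since the effective allowlist is then empty.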