html_sanitize_url_domain
The `html_sanitize_url_domain` directive specifies whitelisted domains for URLs in sanitized HTML content.
Description
The html_sanitize_url_domain directive is used in the context of sanitizing HTML content by allowing only certain domains for URLs present in elements like anchors and images. This directive accepts one or more domain names as arguments, which are added to a whitelist. When HTML content is processed, any URL not matching the specified domains will be stripped or replaced to prevent potential security threats such as XSS (Cross-Site Scripting).
Each specified domain can include wildcard patterns, enabling flexibility in matching subdomains. For instance, specifying 'example.com' will allow both 'example.com' and any subdomains like 'sub.example.com'. This feature is crucial for maintaining the integrity of user-generated or external content in web applications while ensuring a safe browsing experience. Additionally, it is often used alongside other directives that handle elements and attributes, allowing for comprehensive content sanitization.
Config Example
location / {
    html_sanitize_url_domain example.com example.org;
    html_sanitize on;
}

Remember to include the protocol (http or https) if necessary, as this directive only filters the domain and not the full URL.
Make sure to add all needed subdomains to the whitelist, as failure to include required domains can lead to broken links in the sanitized content.
Multiple domains should be separated by a space, and any trailing or leading spaces in domain names may cause issues.
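
The matching rule described above (a listed domain plus its subdomains) can be sketched as follows. This is an added Python example, not the module's own code; the function names and sample URLs are constructed for illustration, and treating a URL with no host as non-matching is an assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list mirroring the config example on this page.
ALLOWED_DOMAINS = ("example.com", "example.org")


def host_allowed(host, allowed=ALLOWED_DOMAINS):
    """True when host equals a listed domain or is a subdomain of one."""
    host = host.rstrip(".").lower()
    for domain in allowed:
        domain = domain.rstrip(".").lower()
        # Label-boundary match: "evilexample.com" must not pass as a suffix.
        if host == domain or host.endswith("." + domain):
            return True
    return False


def url_allowed(url, allowed=ALLOWED_DOMAINS):
    """Check only the parsed host, as the directive filters the domain."""
    try:
        host = urlsplit(url.strip()).hostname  # drops userinfo and port
    except ValueError:
        return False
    # Assumption: a URL with no host (relative, javascript:) does not match.
    return bool(host) and host_allowed(host, allowed)


def sanitize_urls(urls, allowed=ALLOWED_DOMAINS):
    """Partition URLs into (kept, dropped) according to the allow-list."""
    kept, dropped = [], []
    for u in urls:
        (kept if url_allowed(u, allowed) else dropped).append(u)
    return kept, dropped


# Constructed sample URLs.
SAMPLES = [
    "https://example.com/a.png",
    "http://sub.example.com/page",
    "https://EXAMPLE.org:8443/x",
    "https://evilexample.com/",
    "https://example.com.evil.test/",
    "https://example.com@evil.test/",
    "javascript:void(0)//example.com",
]

if __name__ == "__main__":
    kept, dropped = sanitize_urls(SAMPLES)
    print("kept:", kept, "\ndropped:", dropped)
```

The last four samples are the cases a plain substring or suffix comparison gets wrong: a look-alike suffix, the allowed name used as a prefix label, the allowed name in the userinfo part, and a URL with no host at all.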