What are the HTML sanitation rules that get applied to HTML specified in the "submission[body]" parameter for assignment submissions via the Canvas API? The Canvas API documentation on submitting assignments states:
Note this HTML snippet will be sanitized using the same ruleset as a submission made from the Canvas web UI.
I have successfully submitted assignments containing an HTML body via the Canvas API, but I have not been able to locate the mentioned 'ruleset' to determine what types of HTML (and embedded styling) I'm able to send without it being lost.
Could it be the same ruleset that is on the Canvas HTML Editor Whitelist? If the API is a less GUI way of doing things inside Canvas, it would make sense.
I cannot take credit for this; I asked the IRC channel and got this response...
the short version is "we call out to nokogiri to scrub it"
source references:
canvas-lms/canvas_sanitize.rb at master · instructure/canvas-lms · GitHub
Search · sanitize_field :body, CanvasSanitize::SANITIZE · GitHub
Based on the HTML that I'm submitting and how it appears to be getting sanitized, the whitelist you provided appears to be the ruleset that is used. Thank you!
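One way to check empirically what the sanitizer drops, as the last reply describes doing by hand: compare the HTML that was sent with the body read back afterwards. This is an added example, not part of the original thread and not Canvas code; the names `inventory` and `lost_markup` are hypothetical, and both sample strings are constructed for illustration rather than captured from Canvas.

```python
from collections import Counter
from html.parser import HTMLParser


class _Inventory(HTMLParser):
    """Counts every tag, attribute and inline CSS property in an HTML fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.items = Counter()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        self.items[("tag", tag)] += 1
        for name, value in attrs:
            self.items[("attr", f"{tag}@{name}")] += 1
            if name == "style" and value:
                # Track each CSS property separately: a sanitizer may keep
                # the style attribute but strip individual declarations.
                for decl in value.split(";"):
                    prop = decl.split(":", 1)[0].strip().lower()
                    if prop:
                        self.items[("css", f"{tag}:{prop}")] += 1


def inventory(html):
    """Return a Counter of (kind, name) pairs found in the fragment."""
    parser = _Inventory()
    parser.feed(html)
    parser.close()
    return parser.items


def lost_markup(sent, stored):
    """List (kind, name, count) for markup present in `sent` but absent from `stored`."""
    missing = inventory(sent) - inventory(stored)
    return sorted((kind, name, n) for (kind, name), n in missing.items())


# Constructed sample: what a client submitted in submission[body] ...
SENT = ('<p style="color: red; position: fixed" onclick="x()">Hi '
        '<script>alert(1)</script><b>there</b></p>')
# ... and a constructed stand-in for the body read back after sanitizing.
STORED = '<p style="color: red">Hi <b>there</b></p>'

if __name__ == "__main__":
    for kind, name, count in lost_markup(SENT, STORED):
        print(f"dropped {kind}: {name} (x{count})")
```

Running it on a real submission and the stored body shows which tags, attributes and style properties are outside the ruleset before relying on them.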