Instructure

gruetzmacherr · ‎08-02-2018

What are the HTML sanitation rules that get applied to HTML specified in the "submission[body]" parameter for assignment submissions via the Canvas API? The Canvas API documentation on submitting assignments states:

Note this HTML snippet will be sanitized using the same ruleset as a submission made from the Canvas web UI.

I have successfully submitted assignments containing an HTML body via the Canvas API, but I have not been able to locate the mentioned 'ruleset' to determine what types of HTML (and embedded styling) I'm able to send without it being lost.

GregoryBeyrer · ‎08-02-2018

Could it be the same ruleset that is on the Canvas HTML Editor Whitelist? If the API is a less GUI way of doing things inside Canvas, it would make sense.

View solution in original post

GregoryBeyrer · ‎08-02-2018

Could it be the same ruleset that is on the Canvas HTML Editor Whitelist? If the API is a less GUI way of doing things inside Canvas, it would make sense.

robotcars · ‎08-02-2018

I cannot take credit for this, I asked the IRC channel and got this response...

the short version is "we call out to nokogiri to scrub it"

source references:

canvas-lms/canvas_sanitize.rb at master · instructure/canvas-lms · GitHub

Search · sanitize_field :body, CanvasSanitize::SANITIZE · GitHub

gruetzmacherr · ‎08-02-2018

Based on the HTML that I'm submitting and how it appears to be getting sanitized, the whitelist you provided appears to the ruleset that is used. Thank you!

Instructure

Community

HTML sanitation rules applied to HTML in submission body

Open API

Standards

Mid-Term Grades emails

Confusion with the LTI LineItem service

LTI LineItem not visible in Gradebook

Microsoft Teams Meetings LTI App in Canvas - editi...

Removing metadata from files submitted by student