Community

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gruetzmacherr
New Member

HTML sanitation rules applied to HTML in submission body

Jump to solution

What are the HTML sanitation rules that get applied to HTML specified in the "submission[body]" parameter for assignment submissions via the Canvas API? The Canvas API documentation on submitting assignments states:

Note this HTML snippet will be sanitized using the same ruleset as a submission made from the Canvas web UI.

I have successfully submitted assignments containing an HTML body via the Canvas API, but I have not been able to locate the mentioned 'ruleset' to determine what types of HTML (and embedded styling) I'm able to send without it being lost.

Labels (2)
1 Solution

Accepted Solutions
GregoryBeyrer
Community Coach
Community Coach

Could it be the same ruleset that is on the Canvas HTML Editor Whitelist? If the API is a less GUI way of doing things inside Canvas, it would make sense.

View solution in original post

3 Replies
GregoryBeyrer
Community Coach
Community Coach

Could it be the same ruleset that is on the Canvas HTML Editor Whitelist? If the API is a less GUI way of doing things inside Canvas, it would make sense.

robotcars
Community Member

I cannot take credit for this, I asked the IRC channel and got this response...

the short version is "we call out to nokogiri to scrub it"

source references:

canvas-lms/canvas_sanitize.rb at master · instructure/canvas-lms · GitHub 

Search · sanitize_field :body, CanvasSanitize::SANITIZE · GitHub 

Based on the HTML that I'm submitting and how it appears to be getting sanitized, the whitelist you provided appears to the ruleset that is used. Thank you!