HTML sanitization option for host/service outputs

To make the use of HTML in check output safer and more controlled, the existing Escape HTML rule should be extended with an additional option called Sanitize HTML.

Rendering modes:
* Escape HTML: escaped plain text (existing)
* Don't escape HTML: unescaped raw HTML (existing)
* Sanitized HTML: sanitized HTML rendering (new)

When the Sanitized HTML option is selected, the returned HTML code will be cleaned before display using a sanitizer such as DOMPurify or nh3, removing untrusted or potentially harmful content in accordance with best practices.

This enhancement lets users control how HTML content in the output is displayed, as plain text, raw HTML, or sanitized HTML, providing greater flexibility while maintaining security and stability across all components.

Since this functionality operates between the checks and the GUI, it can be used uniformly for all checks without requiring any modifications to the checks themselves.
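To illustrate the three rendering modes, here is an added Python sketch that is not Checkmk's code and does not use DOMPurify or nh3: a small allowlist sanitizer built on the standard library stands in for the real sanitizer, and the allowed tags/attributes and the sample check output are constructed assumptions.

```python
import html
from html.parser import HTMLParser

# Allowlist standing in for a real sanitizer's defaults (assumption, not the
# DOMPurify/nh3 defaults): a few inline tags and http(s)-only links.
ALLOWED_TAGS = {"b", "i", "u", "br", "a", "span"}
ALLOWED_ATTRS = {"a": {"href"}, "span": {"class"}}
SAFE_SCHEMES = ("http://", "https://")

class _Sanitizer(HTMLParser):
    """Keeps allowlisted tags/attributes, drops the rest, escapes all text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag removed; its inner text still arrives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, style=, etc.
            if name == "href" and not (value or "").lower().startswith(SAFE_SCHEMES):
                continue  # drops javascript:/data: links
            kept.append(f' {name}="{html.escape(value)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        # Text (including the body of a dropped <script>) is always escaped.
        self.out.append(html.escape(data))

def render_output(output: str, mode: str) -> str:
    """Apply the configured rendering mode to a check's output string."""
    if mode == "escape":    # Escape HTML: escaped plain text
        return html.escape(output)
    if mode == "raw":       # Don't escape HTML: passed through untouched
        return output
    if mode == "sanitize":  # Sanitized HTML: allowlist filtering
        p = _Sanitizer()
        p.feed(output)
        p.close()
        return "".join(p.out)
    raise ValueError(f"unknown mode {mode!r}")

# Constructed sample check output mixing benign markup with hostile markup.
SAMPLE_OUTPUT = ('OK - <b>3 warnings</b> <a href="https://example.invalid/d" '
                 'onclick="steal()">details</a> <a href="javascript:alert(1)">x</a>'
                 '<script>alert(1)</script>')
```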

Under consideration Rules Suggested by: Lars Sörensen Upvoted: 21 May Comments: 0