Support RegExp in the list of valid property values

Author: aprendendofelipe

lib/index.js

@@ -9,8 +9,8 @@
  *   Possible property values
  * @typedef {string|number|boolean} PrimitivePropertyValue
  *   Possible primitive HTML attribute values
- * @typedef {string|[string, ...Array<PrimitivePropertyValue>]} AttributeValue
- * @typedef {Record<string, Array<PrimitivePropertyValue>>} AttributeMap
+ * @typedef {string|[string, ...Array<PrimitivePropertyValue|RegExp>]} AttributeValue
+ * @typedef {Record<string, Array<PrimitivePropertyValue|RegExp>>} AttributeMap
  *
  * @typedef Schema Sanitization configuration
  * @property {Record<string, Array<AttributeValue>>} [attributes]
@@ -389,7 +389,10 @@ function handlePropertyValue(schema, value, prop, definition) {
       typeof value === 'number' ||
       typeof value === 'string') &&
     safeProtocol(schema, value, prop) &&
-    (definition.length === 0 || definition.includes(value))
+    (definition.length === 0 ||
+      definition.some((allowed) =>
+        allowed instanceof RegExp ? allowed.test(value) : allowed === value
+      ))
   ) {
     return schema.clobberPrefix &&
       schema.clobber &&

readme.md

@@ -192,8 +192,9 @@ attributes: {
 
 Instead of a single string (such as `type`), which allows any [*property
 value*][value] of that [*property name*][name], it’s also possible to provide
-an array (such as `['type', 'checkbox']`), where the first entry is the
-*property name*, and all other entries allowed *property values*.
+an array (such as `['type', 'checkbox']` or `['ClassName', /^hljs-/]`),
+where the first entry is the *property name*, and all other entries are
+*property values* allowed (or *RegEx*).
 This is how the default GitHub schema allows only disabled checkbox inputs:
 
 ```js

test.js

@@ -610,6 +610,30 @@ test('sanitize()', (t) => {
       'should support a list of valid values on new attributes'
     )
 
+    t.deepEqual(
+      sanitize(
+        h('div', [
+          h('span', {className: 'a-one'}),
+          h('span', {className: 'a-two'}),
+          h('span', {className: 'b-one'}),
+          h('span', {className: 'b-two'}),
+          h('span', {className: 'a-one a-two b-one b-two'})
+        ]),
+        deepmerge(defaultSchema, {
+          tagNames: ['span'],
+          attributes: {span: [['className', /^a-/, 'b-one']]}
+        })
+      ),
+      h('div', [
+        h('span', {className: 'a-one'}),
+        h('span', {className: 'a-two'}),
+        h('span', {className: 'b-one'}),
+        h('span', {className: []}),
+        h('span', {className: 'a-one a-two b-one'})
+      ]),
+      'should support RegExp in the list of valid values'
+    )
+
     t.deepEqual(
       sanitize(
         h('div', [