feat: ability to specify if selfClosing element is a void element

[gastonyte]

Summary

That PR is about adding ability for users to not add a / at the end of specific void elements (like <br>, <link> or <input> elements)

This change originally come from #51

What are the specific steps to test this change?

type SelfClosingOptions = Record<string, boolean | { voidElement: boolean }>

type MyIOptions = Omit<sanitizeHtml.IOptions, 'selfClosing'> & {
  selfClosing?: SelfClosingOptions | string[] | undefined
}

const sanitizationOptions: MyIOptions = {
  allowedTags: ['p', 'strong', 'em', 'u', 's', 'blockquote', 'ul', 'ol', 'li', 'br'],
  allowedAttributes: {},
  selfClosing: {
    br: {
      voidElement: true
    }
  },
}

const cleaned = sanitizeHtml(
  value,
  sanitizationOptions as sanitizeHtml.IOptions
)

What kind of change does this PR introduce?

(Check at least one)

• Bug fix
• New feature
• Refactor
• Documentation
• Build-related changes
• Other

Make sure the PR fulfills these requirements:

• It includes a) the existing issue ID being resolved, b) a convincing reason for adding this feature, or c) a clear description of the bug it resolves
• The changelog is updated
• Related documentation has been updated
• Related tests have been updated

If adding a new feature without an already open issue, it's best to open a feature request issue first and wait for approval before working on it.

Other information:

[gastonyte]

I didn't change the documentation because I don't know where to write about voidElement because the section explaining selfClosing does not exist yet.

[boutell]

This is great — just one request to avoid prototype pollution issues.

As for documentation, please introduce a new third-level heading.

[boutell]

It would be more performant to use a for loop here, avoiding the need to make a new object on every pass.

[gastonyte]

i replaced the reduce with a for-of loop

[boutell]

Use Object.hasOwn(options.selfClosing, name) to make sure it's a real property and not something sneaky like __prototype__. Or use a Map.

[gastonyte]

done

[boutell]

Localized and then never used in a localized away again because of the reassignment for the array case. So I think it would be clearer if we didn't do this at all and just referred to options.selfClosing throughout this bit.

[boutell]

The README must be updated to cover this new syntax.

[boutell]

Sorry for the delay on this one!

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[BoDonkey]

Bump to remove label.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[BoDonkey]

I know this has been a long back and forth, but do you know if you will be able to finish this @gastonyte?