sanitize-html: col element is self-closing #5443

@joshkel

PLEASE NOTE: make sure the bug exists in the latest patch level of the project. For instance, if you are running a 2.x version of Apostrophe, you should use the latest in that major version to confirm the bug.

To Reproduce

Step by step instructions to reproduce the behavior:

  1. Go to https://codesandbox.io/p/devbox/l6hczn
  2. Click the "Start" item in the lower right corner
  3. Note the outputs: sanitize-html turns the valid self-closing <col> into <col></col>, causing the sanitized HTML to fail validation.

Expected behavior

sanitize-html creates valid HTML under its default settings.

Describe the bug

sanitize-html accepts <col> tags in its default configuration, but it fails to mark <col> as a void element (self-closing). As a result, it turns them into <col></col>, which is not valid HTML.

Details

https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/col

Version of Node.js:
PLEASE NOTE: Only stable LTS versions (20.x, 22.x, 24.x as of 2026-02-24) are fully supported but we will do our best with newer versions. Avoid odd-numbered versions, which are not considered stable.

Server Operating System:
The server (which might be your dev laptop) on which Apostrophe is running. Linux? MacOS X? Windows? Is Docker involved?

Additional context:

Add any other context about the problem here. If the problem is specific to a browser, OS or mobile device, specify which.

Screenshots
If applicable, add screenshots to help explain your problem.
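
A regression check for the behaviour reported in this issue, as an added example that is not part of the original post or of sanitize-html's code: it scans serialized HTML for end tags on void elements, such as `</col>`. The function name `findVoidEndTags` and the sample strings are constructed for illustration.

```javascript
// Added example, not sanitize-html code.
// Void elements as listed in the HTML Living Standard: they never take an end tag.
const VOID_ELEMENTS = new Set([
  'area', 'base', 'br', 'col', 'embed', 'hr', 'img',
  'input', 'link', 'meta', 'source', 'track', 'wbr'
]);

// Matches either a comment (skipped below) or a start/end tag. Quoted attribute
// values are consumed as a unit so a '>' inside an attribute does not end the tag.
// Limitation: raw-text elements (script, style) are not special-cased; the
// sanitizer's default output does not contain them.
const TOKEN =
  /<!--[\s\S]*?-->|<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;

// Returns one finding per end tag that closes a void element.
function findVoidEndTags(html) {
  const findings = [];
  for (const m of html.matchAll(TOKEN)) {
    if (m[2] === undefined) continue;          // comment, not a tag
    const name = m[2].toLowerCase();           // tag names are case-insensitive
    if (m[1] === '/' && VOID_ELEMENTS.has(name)) {
      findings.push({ tag: name, index: m.index });
    }
  }
  return findings;
}

// Constructed samples: the shape of output the issue describes, and a valid form.
const reportedOutput =
  '<table><colgroup><col></col></colgroup><tr><td>x</td></tr></table>';
const validOutput =
  '<table><colgroup><col /></colgroup><tr><td>x</td></tr></table>';

console.log(findVoidEndTags(reportedOutput)); // one finding for </col>
console.log(findVoidEndTags(validOutput));    // no findings
```

Run over sanitizer output in a test suite, a non-empty result flags serialization that an HTML validator will reject.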
