subbudvk

Results 6 issues of subbudvk

This recent breaking changes - Forces validating global style content with CSSSchema - Earlier we had better options separately allowAttributes("style").globally() - doesn't sanitize, allowStyling() - did sanitize. - make disallowAttribute("style").globally()...

https://github.com/OWASP/java-html-sanitizer/pull/218/files made a breaking change to imply allowAttributes("style").globally(), with this change I believe the CSS Schema based whitelisting is applied automatically even if someone explicitly uses _allowAttributes()_ instead of _allowStyling()_...

- Why is the CSS sanitization that happens with properties in CSSSchema for the style attribute not happening when we do allowTextIn("style")?
- If that's intentional, is there a way to...

Fixes https://github.com/OWASP/java-html-sanitizer/issues/195 and allows more attributes than the existing PR. The goal is to allow common safe attributes in table context for in a single PR instead of handling one attribute...

I am trying to disallow attributes matching a specific pattern.

```
HtmlPolicyBuilder builder = new HtmlPolicyBuilder();
PolicyFactory factory = builder.allowUrlProtocols("http", "https").allowElements("img","a","div","span")
    .allowAttributes("alt", "src").onElements("img")
    .allowAttributes("border", "height", "width").onElements("img")
    .allowAttributes("href").matching(Pattern.compile(".*google.*")).onElements("a")
    .disallowAttributes("src").matching(Pattern.compile(".*google.*")).onElements("img")
    .toFactory();
System.out.println("ALLOW...
```

I am using Preprocessor to change the content of a specific tag. The implementation looks as follows: I will listen for the _openTag_ event, and when the current tag is _style_, I handle...