java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Results 114 java-html-sanitizer issues

I organized the guide to use a different tag(reference is MDN) `` -> `` https://developer.mozilla.org/en-US/docs/Web/HTML/Element/frame `` -> `` https://developer.mozilla.org/en-US/docs/Web/HTML/Element/applet `` -> `` (but font is obsolete too) https://developer.mozilla.org/en-US/docs/Web/HTML/Element/basefont `` ->...

Sanitize is removing elements of invalid html, not following browser behaviour. Using the following policy:

```java
new HtmlPolicyBuilder()
    .allowElements("p")
    .allowAttributes("class")
    .onElements("p")
    .toFactory()
```

and input: ```html foo

I'm trying to exclude a tag (**template** in the example below) and all content of it. I use **disallowElements** and **disallowTextIn** methods. With the tag it works fine, however I...

This fixes https://github.com/OWASP/java-html-sanitizer/issues/183

Is there a way to skip the sanitization of emojis? This was the old issue (https://github.com/OWASP/java-html-sanitizer/issues/143) but I don't see any reasonable conclusion.

I'm trying to get sanitized html but keep information about large span text. I sanitize html with: ``` return new HtmlPolicyBuilder() .allowStyling() .allowElements("span", "div") .allowWithoutAttributes("span") .allowAttributes("class", "style") .onElements("span", "div") .toFactory()...

Sometimes we want to use the sanitizer to sanitize some info, but not do any HTML encoding or decoding, because we want to do the encoding ourselves. Hope a config or parameters...

Support CSS3 functions like translate, rotate are removed from the HTML styling. These assist in the presentation of information to the end user.

enhancement

I'm using `HtmlPolicyBuilder` to build my HTML sanitization policy and I came across the issue that the doctype declaration is always removed after sanitization. How can I build a `PolicyFactory`...

I was looking for a way to externalize a policy definition and have the factory or the builder load it from YAML, HOCON, properties etc. Is this not supported on...