java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
From looking through some HTML Reference, I can see that the srcset attribute of `` element should be able to accept: > A list of one or more strings separated...
Currently we can only define a whitelist using the CssSchema.withProperties method; the properties mentioned in this should be present in the master-set DEFINITIONS mentioned in the class. In case while configuring...
Hi, I am trying to upload an SVG image to the server. Before uploading, I want to validate the content of the SVG, in case there is any malicious code that can hamper the...
Hi, `` elements get removed by the sanitizer even when they are allowed by the policy. For instance I'd expect the following code: ```java Sanitizers.FORMATTING.sanitize("Hi!") ``` to return `Hi!`...
Commit 7a8785c783bfc1ea1583792e9b8e9da300f83e35 added the file SECURITY.md. However, the file does not contain any sensible information yet.
When trying to sanitize large data URIs used as background images in CSS properties, there is a hard-coded URL limit of 1024 characters (this is in `StylingPolicy.sanitizeAndAppendUrl`). Any value larger...
## issue is The following block is my input: ``` aaaaaaaa bbbbbbbbb. dddddddddd dddd ddddd ``` And the following is my output: ``` aaaaaaaa bbbbbbbbb. dddddddddd dddd ddddd ``` ##...
Hi, An expression like the following is considered invalid: `` Either **stroke** or **stroke-width** is not accepted in a **style**. Is it on purpose or a bug? Thanks! Mircea
Hi, We are using this owasp-java-html-sanitizer-20211018.2.jar library for sanitization of the custom generated HTML, we came across the following situation when we got extra characters in html code as during...
I am trying to disallow attributes matching a specific pattern. ``` HtmlPolicyBuilder builder = new HtmlPolicyBuilder(); PolicyFactory factory = builder.allowUrlProtocols("http", "https").allowElements("img","a","div","span") .allowAttributes("alt", "src").onElements("img") .allowAttributes("border", "height", "width").onElements("img") .allowAttributes("href").matching(Pattern.compile(".*google.*")).onElements("a") .disallowAttributes("src").matching(Pattern.compile(".*google.*")).onElements("img") .toFactory(); System.out.println("ALLOW...