Sven Strickroth
Empty `span` is dropped, because it is part of `DEFAULT_SKIP_IF_EMPTY`. You need to allow it using `allowWithoutAttributes`. cf. https://github.com/OWASP/java-html-sanitizer/blob/91c5fdc146a01aab1e8b0db38be449a960fe88c1/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java#L712-L723
Should be fixed on main.
So, what is the concrete issue?
Add this to your policy to explicitly allow this property (with values as defined in CssSchema): `.allowStyling(CssSchema.withProperties(List.of("overflow-x")))`
Can this issue be closed?
Even if `flex` is not supported out of the box, you can in principle add your own CssSchema rules (only issue, `CssSchema.withProperties(Map)` does not work right now, cf. #313 :...
If you have plain text, you might need not to sanitize HTML but to escape HTML special characters.
cf. PR #36
Duplicate of issue #32