Mike Samuel

Results 183 comments of Mike Samuel

Right now, there's no handling of foreign XML contexts. I think the simplest fix would be to add SVG to the table of element and attribute definitions. I think MathML...

@wookie41, I haven't run that in a while. What did you try? I'd probably start by adding [SVG elements like `svg`, `path`, etc.](https://webplatform.github.io/docs/svg/elements/) to https://github.com/OWASP/java-html-sanitizer/blob/0c04e4be08a25ebc396784dce72c65a2b8f6665f/empiricism/html-containment.html#L45-L68

What do you mean by "overflows?" Are you talking about the CSS `overflow-x` properties?

Or do the semicolons inside your HTML tags relate to your question?

I believe overflow-x is recognized by the CSS property validator. https://github.com/OWASP/java-html-sanitizer/blob/e2b29e803c4f7ea225f569d18b3b1356d8e5bf3d/src/main/java/org/owasp/html/CssSchema.java#L421-L426

https://www.w3.org/TR/html5/syntax.html#parsing-main-inbody explains that tags are handled by translating to and reparsing

> A start tag whose tag name is "`image`"
> Parse error. Change the token's tag name to "`img`"...

```java
assertEquals(
    "",
    apply(
        new HtmlPolicyBuilder()
            .allowElements("img")
            .allowElements(
                new ElementPolicy() {
                  public String apply(String elementName, List attrs) {
                    return "img";
                  }
                },
                "image")
            .allowAttributes("src").onElements("img", "image")
            .allowStandardUrlProtocols(),
        ""));
```

repeats the...

Assuming the testcase captures the OP's problem, https://github.com/OWASP/java-html-sanitizer/commit/8ae326eba6b9bac6036e01850396c1af5b39e804 should address this.

@pickle-weasle, responses inline.

> Hey @mikesamuel, yes I'm doing something similar to the example you pasted.
> Not sure what you mean by "but without the custom ElementPolicy it...

CssSchema is where support needs to go. Do you have a list of the grid properties you need? The sanitizer needs to preserve visual containment, so we need to be...