Mike Samuel
Mike Samuel
@janis-github, Sorry for the delay. The problem was that visual cropping was bypassed when margins were negative. Not that you can move things around. I'm not aware of any numeric...
Unfortunately, putting ZZZ in there makes that not an HTML comment. The lexer should recognize that `` content is raw text so you should be able to use a pre-processor...
If the sanitizer produces structurally invalid markup, there's a greater risk of HTML parsers getting confused so I can't do that. If I allow overriding umpteen behaviors, then testing with...
I put together https://github.com/OWASP/java-html-sanitizer/pull/126 to try to fill this gap. It integrates a [URL classifier engine](https://github.com/OWASP/url-classifier) that lets you express predicates over URLs like ```java /** We define a classifier...
This issue is about docs and examples. If you have a problem with mis-encoding of tel: URLs could you open a new issue with an example of a tel: URL...
@jmiserez I'm trying to fit my pro-bono work, including this project, in between a lot of other stuff. Sorry if I was abrupt, but I have no hostility towards you....
Sorry for the delay: > I think that in a = AttributePolicy.Util.join(a, b) logic, we should combine protocols. Hmm. I wonder whether we could define ```java interface JoinableAttributePolicy { /**...
Why do you have BIT_STRING in there?
No. CssSchema is not really extensible as written.
Yeah. @apottere The problem is organizational more than technical. I try to avoid implementing footguns, and have not found a way to allow a highly tuneable definition of "safe CSS"...