You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to owasp-java-html-...@googlegroups.com
I have a requirement to allow img elements, but only if their src attributes are either relative or originate from a few domains that I have whitelisted.
Can the OWASP sanitizer handle that? If not, are there any suggested approaches to dealing with this type of requirement?
Mike Samuel
unread,
Jun 26, 2014, 8:55:17 AM6/26/14
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
You can replace ONSITE_OR_OFFSITE_URL with a java.util.regex.Pattern
or Predicate<String> of your choosing.
I need to make it easier to generate matchers for URLs based on
properties like origin since that's a bit of a black art.
Using a Predicate<String> with java.net.URI would help you isolate the
authority part. Let me know if you need help phrasing a
predicate/regex solution.
> --
> You received this message because you are subscribed to the Google Groups
> "OWASP Java HTML Sanitizer Support" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to owasp-java-html-saniti...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.