CSS3 and HTML 5 support

[sakha...@gmail.com]

Hi,
Does OWASP HTML Sanitizer support HTML5 or CSS3 functions like translate(0, 20%) ?

Thanks & Regards,
Salman

[Mike Samuel]

HTML 5 is a moving target, but yes, that's the specification we track and try to update data tables for new tags/attributes as their security consequences become clear.

Per CSS transform, I don't think it's in yet partly because things that can break visual containment can lead to trusted-path problems.

But if you have a specific use case in mind, file a bug and I'll look into it.  It probably won't make it into the default CSS set though.

--
You received this message because you are subscribed to the Google Groups "OWASP Java HTML Sanitizer Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-java-html-saniti...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[akte...@gmail.com]

Thanks Mike for the response. 

We needed this as we have a place where users can create there HTML5 pages and this gets shown to other users, we just wanted the styling the the user gave to be preserved and other handler functions removed, for the same we were using Sanitizers but with functions like transform and rotate things have started breaking up. 

Thanks & Regards,

Salman

To unsubscribe from this group and stop receiving emails from it, send an email to owasp-java-html-sanitizer-support+unsubscribe@googlegroups.com.