HTML 5 is a moving target, but yes, that's the specification we track and try to update data tables for new tags/attributes as their security consequences become clear.
Per CSS transform, I don't think it's in yet partly because things that can break visual containment can lead to trusted-path problems.
But if you have a specific use case in mind, file a bug and I'll look into it. It probably won't make it into the default CSS set though.
--
You received this message because you are subscribed to the Google Groups "OWASP Java HTML Sanitizer Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-java-html-saniti...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-java-html-sanitizer-support+unsubscribe@googlegroups.com.