<hr />Hello<h1>OK</h1><blink>evil</blink><script>alert('Evil');</script>
However, this produces the following sanitised HTML:
<hr />Hello<h1>OK</h1>evil
The disallowed tag <blink> has indeed been removed, but is it possible to configure the HtmlPolicyBuilder to remove not just the disallowed tags, but the content *inside* the tags as well? The client wants to see just:
<hr />Hello<h1>OK</h1>
Many thanks,
Henry.