Text alternative in video-element


Johannes Lichtenberger

Sep 8, 2015, 10:08:56 AM
to OWASP Java HTML Sanitizer Support
Hello,

I have the following policy:

    /**
     * Allow media elements/attributes.
     */
    public static final PolicyFactory MEDIA = new HtmlPolicyBuilder()
            .allowElements("video", "audio", "source")
            .allowAttributes("controls", "width", "height").onElements("video")
            .allowAttributes("controls").onElements("audio")
            .allowAttributes("src", "type").onElements("source")
            .allowTextIn("video", "audio")
            .toFactory();

and the HTML content I want to sanitize (all whitelisted content) is:

    <p><video controls="controls" width="300" height="150">
    <source src="media/video/small.webm" type="video/webm" />
    <source src="media/video/small.mp4" type="video/mp4" />
    <source src="media/video/small.ogv" type="video/ogg" />
    <source src="media/video/small.3gp" type="video/3gp" />
    Your browser does not support the video tag.</video></p>

But it seems character content within the video-element is never permitted (contents-member field is 0, probably it should be != 0?). Should be valid to have an alternative text I guess.

kind regards
Johannes

Mike Samuel

Dec 24, 2015, 10:43:23 PM
to owasp-java-html-...@googlegroups.com
Sorry I missed this.

Seems reasonable.

Filed https://github.com/OWASP/java-html-sanitizer/issues/53 to track.
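
A regression check for the behaviour reported in this thread, added here as an example; it is not code from the thread or from the java-html-sanitizer project. It assumes the library is on the classpath, adds "p" to the allowed elements so the wrapper survives, and uses a constructed input that also carries a disallowed script element, so the check covers both what the policy should keep and what it must still drop.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class MediaPolicyCheck {

    // Policy as posted in the thread; "p" is added (assumption) for the wrapping paragraph.
    static final PolicyFactory MEDIA = new HtmlPolicyBuilder()
            .allowElements("p", "video", "audio", "source")
            .allowAttributes("controls", "width", "height").onElements("video")
            .allowAttributes("controls").onElements("audio")
            .allowAttributes("src", "type").onElements("source")
            .allowTextIn("video", "audio")
            .toFactory();

    static final String FALLBACK = "Your browser does not support the video tag.";

    // Constructed input: the thread's markup with one source, plus a script element
    // that the policy does not allow.
    static final String INPUT =
            "<p><video controls=\"controls\" width=\"300\" height=\"150\">"
            + "<source src=\"media/video/small.webm\" type=\"video/webm\" />"
            + "<script>alert(1)</script>"
            + FALLBACK + "</video></p>";

    public static void main(String[] args) {
        String out = MEDIA.sanitize(INPUT);
        System.out.println(out);

        // Functional expectation from the thread: fallback text inside <video> is kept.
        boolean fallbackKept = out.contains(FALLBACK);
        // Allowed child element should pass through.
        boolean sourceKept = out.contains("<source");
        // Security expectation: permitting text in <video> must not let script through.
        boolean scriptGone = !out.contains("<script") && !out.contains("alert(1)");

        System.out.println("fallback text kept: " + fallbackKept);
        System.out.println("source element kept: " + sourceKept);
        System.out.println("script removed:      " + scriptGone);

        // Fail on any unmet expectation so the check can gate a library upgrade.
        if (!(fallbackKept && sourceKept && scriptGone)) {
            System.exit(1);
        }
    }
}
```

With a library version that shows the behaviour reported above, the fallback-text check is the one expected to fail; the script check should pass on every version.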