Is it possible to avoid sanitizing commentary tags <!-- some content --> ?
Thank you in advance for your response.
--
You received this message because you are subscribed to the Google Groups "OWASP Java HTML Sanitizer Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-java-html-saniti...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No. Conditional compilation comments can carry payloads. Comments are oft-used by obscure and poorly tested browser extensions so stripping them is the only safe option.
On May 30, 2016 1:06 PM, "Vladimir" <vladimir....@privatbank.ua> wrote:
Is it possible to avoid sanitizing commentary tags <!-- some content --> ?
Thank you in advance for your response.
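The behaviour described in the reply, as an added example that is not part of the original thread or the project's own code: a check that no comment markup survives `PolicyFactory.sanitize`. The policy, class name, helper and sample inputs are constructed for illustration, and the OWASP Java HTML Sanitizer jar is assumed to be on the classpath.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class CommentStrippingCheck {

    // Hypothetical policy for this demo: a few formatting elements only.
    static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "b", "i")
            .toFactory();

    // Hypothetical helper: true if a comment opener or a conditional-section
    // opener is still present in the sanitized output.
    static boolean hasCommentMarkup(String html) {
        return html.contains("<!--") || html.contains("<![");
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the thread.
        String[] inputs = {
            // Plain comment inside allowed markup, as in the question.
            "<p>hello<!-- some content --></p>",
            // IE-style conditional comment: inert to most parsers, but
            // treated as live markup by the ones that honour it.
            "<p>a</p><!--[if IE]><b>seen by some parsers only</b><![endif]-->",
            // Comments around allowed content.
            "<!-- leading --><i>text</i><!-- trailing -->"
        };

        for (String in : inputs) {
            String out = POLICY.sanitize(in);
            System.out.printf("in : %s%nout: %s%n%n", in, out);
            // Comments are dropped regardless of which elements are allowed.
            if (hasCommentMarkup(out)) {
                throw new AssertionError("comment survived sanitization: " + out);
            }
        }
        System.out.println("No comment markup in any sanitized output.");
    }
}
```

A check like this is useful as a regression test when a policy is changed, since the allowed-element list has no effect on whether comments are kept.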