khemais menzli / PreSales Director
kme...@exoplatform.com / (216) 28 71 47 24
eXo Platform
Tunisia
http://www.exoplatform.com
This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. eXoPlatform is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company.
No. The sanitizer strips all comments since comments are often used by obscure and relatively poorly tested browser features to carry code.
What's in these comments that you need to preserve?
On Friday, 16 September 2016 at 18:57:56 UTC+1, Mike Samuel wrote:
> No. The sanitizer strips all comments since comments are often used by obscure and relatively poorly tested browser features to carry code.
> What's in these comments that you need to preserve?

In my platform we used a wiki module (based on xwiki syntax) in which comments are required.
Why not have an option to enable/disable stripping comments based on the context where the sanitizer is running?
On Wed, Sep 21, 2016 at 5:34 AM, Khemais Menzli <kme...@exoplatform.com> wrote:
> In my platform we used a wiki module (based on xwiki syntax) in which comments are required.
> Why not have an option to enable/disable stripping comments based on the context where the sanitizer is running?

If untrusted users are authoring wiki content, can you run the sanitizer on the output of the wiki->html converter?
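
The arrangement suggested in the last reply, sketched as an added example that is not code from the thread or from the OWASP project: wiki comments stay in the stored wiki source and are consumed by the converter, and the sanitizer runs only on the resulting HTML. `renderWikiToHtml`, its toy markup (not XWiki syntax), the allow-list and the sample input are all assumptions made for illustration.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

import java.util.regex.Pattern;

public class WikiSanitizePipeline {
    // Allow-list applied to the converter's HTML output. The sanitizer drops
    // HTML comments regardless of which elements the policy allows.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "b", "i", "a")
            .allowUrlProtocols("https")
            .allowAttributes("href").onElements("a")
            .requireRelNofollowOnLinks()
            .toFactory();

    private static final Pattern BOLD = Pattern.compile("\\*\\*(.+?)\\*\\*");

    // Hypothetical stand-in for the wiki->html converter. Toy markup:
    // lines starting with "##" are wiki comments, **x** is bold, and raw
    // HTML typed by the author passes through untouched.
    static String renderWikiToHtml(String wikiSource) {
        StringBuilder html = new StringBuilder();
        for (String line : wikiSource.split("\n")) {
            if (line.startsWith("##") || line.trim().isEmpty()) {
                continue; // wiki comments are consumed here, before any HTML exists
            }
            String body = BOLD.matcher(line).replaceAll("<b>$1</b>");
            html.append("<p>").append(body).append("</p>\n");
        }
        return html.toString();
    }

    // Sanitize last, on the HTML that will actually be sent to the browser.
    static String renderUntrusted(String wikiSource) {
        return POLICY.sanitize(renderWikiToHtml(wikiSource));
    }

    public static void main(String[] args) {
        // Constructed sample input from an untrusted author.
        String wikiSource = String.join("\n",
                "## editor note: lives only in the stored wiki source",
                "Hello **world**",
                "<!-- html comment --><script>alert(1)</script>",
                "<a href=\"https://example.com/\">link</a>");
        System.out.println(renderUntrusted(wikiSource));
    }
}
```

The stored wiki source keeps its `##` comment line for later editing, while the HTML comment and the `script` element that the author typed into the page body are absent from the sanitized output.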