How to allow url protocol for a specific tag alone.
40 views
Skip to first unread message
Praveen kumar
Mar 6, 2018, 9:31:10 AM3/6/18
to OWASP Java HTML Sanitizer Support
I have a case where I need to allow "cid" protocol only to img tags and not the other.
Mike Samuel
Mar 6, 2018, 10:24:11 AM3/6/18
to OWASP Java HTML Sanitizer Support
Does the url classifier attribute predicate in PR 126 do what you need?
| /** | |
| * Filters out values which are not valid URLs that match the given | |
| * classifier. | |
| * | |
| * <p>When this is provided, the | |
| * {@linkplain HtmlPolicyBuilder#allowUrlProtocols allowed URL protocols} | |
| * and {@linkplain HtmlPolicyBuilder#disallowUrlProtocols | |
| * disallowed URL protocols} | |
| * are <b>not</b> applied in preference of the | |
| * {@linkplain org.owasp.url.UrlClassifierBuilder#scheme scheme whitelist} | |
| * implicit in the classifier. | |
| */ | |
| public AttributeBuilder matching(UrlClassifier classifier) { | |
| return matching(new UrlClassifierAttributePolicy(classifier)); | |
| } |
On Tue, Mar 6, 2018 at 4:11 AM, Praveen kumar <prave...@gmail.com> wrote:
I have a case where I need to allow "cid" protocol only to img tags and not the other.
--
You received this message because you are subscribed to the Google Groups "OWASP Java HTML Sanitizer Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-java-html-sanitizer-support+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages