Is it possible to log or throw an error on an invalid tag instead of silently sanitizing it?

Will Herrmann

Nov 8, 2018, 7:02:35 PM
to OWASP Java HTML Sanitizer Support
Say that I have an HTML block like this:

<foo><b>Hello</b></foo>

If I sanitize it (say with Sanitizers.FORMATTING.sanitize(html)), then it happily removes the <foo> tags, and doesn't even do any sort of logging.

Is it possible to log, or even throw an error when encountering an invalid tag instead of silently sanitizing it?

Mike Samuel

Nov 8, 2018, 7:06:37 PM
to owasp-java-html-...@googlegroups.com
PolicyFactory.apply takes an HtmlChangeListener which should let you do what you need.  Specifically

void discardedTag(T context, String elementName)
Called when a tag is discarded from the input.
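
An added example, not part of the original reply and not the project's own code: one way to turn silent sanitization into a hard failure with an HtmlChangeListener. It uses the three-argument PolicyFactory.sanitize overload; the names StrictSanitize, Rejections and sanitizeOrThrow are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class StrictSanitize {
  /** Per-call context object: collects everything the policy dropped. */
  static final class Rejections {
    final List<String> items = new ArrayList<>();
  }

  /** Stateless listener; all state lives in the context passed per call. */
  static final HtmlChangeListener<Rejections> RECORDER =
      new HtmlChangeListener<Rejections>() {
        @Override
        public void discardedTag(Rejections ctx, String elementName) {
          ctx.items.add("tag " + elementName);
        }

        @Override
        public void discardedAttributes(
            Rejections ctx, String tagName, String... attributeNames) {
          ctx.items.add("attributes " + Arrays.toString(attributeNames)
              + " on " + tagName);
        }
      };

  /** Returns the sanitized HTML, or throws if the policy had to drop anything. */
  static String sanitizeOrThrow(PolicyFactory policy, String html) {
    Rejections rejections = new Rejections();
    String safe = policy.sanitize(html, RECORDER, rejections);
    if (!rejections.items.isEmpty()) {
      // Names come from untrusted input: encode them before writing to a log.
      throw new IllegalArgumentException("Policy discarded: " + rejections.items);
    }
    return safe;
  }

  public static void main(String[] args) {
    // Constructed inputs: the first is allowed by FORMATTING, the second is not.
    System.out.println(sanitizeOrThrow(Sanitizers.FORMATTING, "<b>Hello</b>"));
    try {
      sanitizeOrThrow(Sanitizers.FORMATTING, "<foo><b>Hello</b></foo>");
    } catch (IllegalArgumentException e) {
      System.out.println(e.getMessage());
    }
  }
}
```

Collecting into a context object and throwing after sanitize returns keeps the listener free of control flow; replace the throw with a logger call if the sanitized output should still be used.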


Will Herrmann

Nov 16, 2018, 2:47:52 PM
to OWASP Java HTML Sanitizer Support
Thanks, that does exactly what I'm looking for!