python (65.1k questions)

javascript (44.2k questions)

reactjs (22.7k questions)

java (20.8k questions)

c# (17.4k questions)

html (16.3k questions)

r (13.7k questions)

android (12.9k questions)

Questions - html-sanitizing

Allow a href links to phone number in owasp HtmlPolicyBuilder

I am trying to properly configure owasp HtmlPolicyBuilder so that it does not remove a href tel from a sample String like this <p><a href="tel:8888888888">Phone number</a>&...
test-img

Joanna

java

owasp

html-sanitizing

Votes: 0

Answers: 1

Latest Answer

I just figured out what I am missing: .allowUrlProtocols("tel")
test-img

Joanna

How to allow all font-family values on sanitize-html?

Hi, Im using sanitize-html and I want to allow any value for font-family so Im doing this: var cleanmsg = sanitizeHtml(rawmsg, { allowedTags: [ 'span' ] allowedAttributes: { 'spa...
test-img

Cain Nuke

node.js

html-sanitizing

Votes: 0

Answers: 1

Latest Answer

you can use regex format 'font-family': [/.*/]
test-img

rusbon

Rails Custom Scrubber which *modifies* PermitScrubber default behavior

If one uses Rails::Html::PermitScrubber and doesn't specify a value for tags or attributes it defaults to using reasonable defaults from Loofah::HTML5::Scrub. However, as soon as you set tags or attr...
test-img

Peter Gerdes

ruby-on-rails

ruby

html-sanitizing

Votes: 0

Answers: 1

Latest Answer

I guess you can just subclass Rails::Html::PermitScrubber and override keep_node? to get needed behavior (not changing code path if tags are present). The code of original keep_node? is def keep_nod...
test-img

Pavel Oganesyan

Posts

Questions

Blogs

Jobs