 

OWASP HTML Sanitizer cleans comments

I have an application where customers can store the following HTML lines in order to load different styles for the actual browser:

<!--[if IE 6]><link rel="stylesheet" type="text/css" media="all" href="default/css/general_ie6.css"><![endif]--> 
<!--[if IE 7]><link rel="stylesheet" type="text/css" media="all" href="default/css/general_ie7.css"><![endif]--> 
<!--[if IE 8]><link rel="stylesheet" type="text/css" media="all" href="default/css/general_ie8.css"><![endif]--> 

I've also configured the OWASP policy to disallow malicious HTML tags in the following way:

new HtmlPolicyBuilder().allowElements("link").allowAttributes("rel", "type", "media", "href").onElements("link").toFactory();

But after sanitization the browser-conditional lines are dropped.

Could you please suggest how to configure the policy in order to allow storing such content?

fashuser asked Nov 25 '16 08:11


2 Answers

The OWASP Sanitizer cannot be configured to accept these tags. Instead you could use an HTML parser like JSoup to extract these lines before sanitizing, then add them back in afterwards.

Ben-JD answered Oct 16 '22 04:10
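As an added example (not code from the question or from either answer), here is one way to do what the answer above describes with jsoup and the question's own policy. The point a practitioner must not skip is that the extracted conditional comments cannot be re-inserted verbatim: IE versions that honour `<!--[if IE]> … <![endif]-->` parse the markup inside it as live HTML, so putting the comments back unsanitized would turn the workaround into a bypass of the sanitizer (a `<script>` or a `javascript:` href inside the comment would reach the browser untouched). The example therefore runs the inner markup through the same policy before wrapping it back in the conditional comment. The class name, the regex for the condition, the decision to handle only top-level comments, and the sample input are this example's own assumptions.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Comment;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Node;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/**
 * Sanitizes customer HTML while preserving IE conditional comments.
 * Added example; the class name and structure are this example's own choices.
 */
public final class ConditionalCommentSanitizer {

    // The policy from the question. "href" is a URL attribute, and because
    // allowUrlProtocols() is never called the sanitizer keeps only relative
    // URLs such as default/css/general_ie6.css.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("link")
            .allowAttributes("rel", "type", "media", "href").onElements("link")
            .toFactory();

    // jsoup exposes <!--[if IE 6]>...<![endif]--> as a Comment whose data is
    // "[if IE 6]>...<![endif]". Group 1 is the condition, group 2 the markup
    // that old IE will render. Only the plain downlevel-hidden IE form with an
    // optional lt/lte/gt/gte and version number is accepted (assumption).
    private static final Pattern CONDITIONAL = Pattern.compile(
            "^(\\[if (?:(?:lt|lte|gt|gte) )?IE(?: \\d{1,2})?\\])>(.*)<!\\[endif\\]$",
            Pattern.DOTALL);

    private ConditionalCommentSanitizer() {}

    public static String sanitize(String html) {
        Document doc = Jsoup.parseBodyFragment(html);
        doc.outputSettings().prettyPrint(false);
        StringBuilder out = new StringBuilder();

        // Only top-level nodes are inspected. A conditional comment nested
        // inside another element goes through the policy together with that
        // element and is dropped, which is the conservative outcome.
        for (Node node : doc.body().childNodes()) {
            if (node instanceof Comment) {
                Matcher m = CONDITIONAL.matcher(((Comment) node).getData());
                if (m.matches()) {
                    // The inner markup is live HTML for the IE versions that
                    // honour the comment, so it must pass the same policy;
                    // never re-insert the comment verbatim.
                    String inner = POLICY.sanitize(m.group(2));
                    out.append("<!--").append(m.group(1)).append('>')
                       .append(inner).append("<![endif]-->");
                }
                // Any other comment is discarded, as the sanitizer itself does.
                continue;
            }
            out.append(POLICY.sanitize(node.outerHtml()));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: the question's three lines plus two hostile ones.
        String input =
            "<!--[if IE 6]><link rel=\"stylesheet\" type=\"text/css\" media=\"all\" href=\"default/css/general_ie6.css\"><![endif]-->\n"
          + "<!--[if IE 7]><link rel=\"stylesheet\" type=\"text/css\" media=\"all\" href=\"default/css/general_ie7.css\"><![endif]-->\n"
          + "<!--[if IE 8]><link rel=\"stylesheet\" type=\"text/css\" media=\"all\" href=\"default/css/general_ie8.css\"><![endif]-->\n"
          + "<!--[if IE]><script>alert(1)</script><![endif]-->\n"
          + "<!--[if IE]><link rel=\"stylesheet\" href=\"javascript:alert(1)\"><![endif]-->\n";
        System.out.println(sanitize(input));
        // The three stylesheet links survive inside their conditional comments;
        // the <script> element is stripped and the javascript: href is removed
        // by the policy before the comment is rebuilt.
    }
}
```

If the stylesheet paths are known in advance, tightening `href` further with `.allowAttributes("href").matching(Pattern.compile(...)).onElements("link")` is a cheap extra restriction, since it stops a customer from pointing the `<link>` at any relative path on the site.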


There is Issue #1532: Allow comments to be preserved in HTML. Until that feature request, or a similar one, is completed, this is not possible with the HTML sanitizer.

Thunderforge answered Oct 16 '22 05:10