In addition to Chirag's pointer, programmatically, if you're looking for
HTML attributes that take URIs, the attributes returned by
com.google.caja.lang.html.HtmlSchema that take a URI have .getType() ===
HTML.Attribute.Type.URI.

The default list is derived from the W3C spec and I'd rather avoid
recreating the list ad hoc.

On 2010/07/16 16:06:49, chirag wrote:
The Caja UrlPolicy document has a nice list of HTML attributes that
can be rewritten.

http://code.google.com/p/google-caja/wiki/UrlPolicy

On 2010/07/16 13:38:45, Kuntal Loya wrote:
> The AbsolutePathReferenceVisitor and the ProxyingContentVisitor should
> bypass the embed and the object tags for now.
> The src attribute of input and background attribute of body should be
> rewritten.



http://codereview.appspot.com/1806044/show
