I checked out OWASP, and it seems like it's too aggressive with CSS sanitizing for my purposes. Maybe I could run the javascript sanitizer on the server if it's similar to Caja treatment of CSS.
For now, I'm going to go forward with my plan of overriding the HtmlSchema to disallow script-related attributes because I already have caja integrated and working nicely. -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
