On Wed, Dec 31, 2014 at 12:34 AM, Dusan Halicky <[email protected]>
wrote:
> I am new to caja. I am using minified version of caja
> (html-sanitizer-minified.js) from current SVN (r5706). How can I remove
> position: absolute? When I call this:
>
> html_sanitize('<div style="position: absolute; left: 0px; top:
> 0px;">test</div>')
>
> It returns:
>
> <div style="position: absolute ; left: 0px ; top: 0px">test</div>
>
> How do I remove it? Thanks.
>
> Also, let's say I only want "<b>" tag and nothing else. How do I only
> allow this tag? Thanks.
>
Unfortunately, the whitelists might as well be hardcoded, because they're
compiled into JS files that then get included in the bundle. The easiest
thing to do is to modify the whitelist data files in a Caja source tree and
build the sanitizer bundle.
The whitelist data is stored in src/com/google/caja/lang/*/*-whitelist.json
— just remove things from the "allowed" lists.
--
---
You received this message because you are subscribed to the Google Groups
"Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
