I am using caja-sanitizer to sanitize some HTML.
For e.g.
<li class="abc xyz" data-type="zzz" data-new-tab="false">
<div class="media">
<a class="class 1 class 2" href="No javascripg link">
>"<img src="xxx"
onerror="javascript:alert(1);"_><
</a>
</div>
</li>
for some reason Caja sanitizer removed all the data-attributes which were
present.
Output:
*<li class="abc xyz">*
<div class="media">
<a class="class 1 class 2" href="No javascripg link">
>"<img src="xxx"
onerror="javascript:alert(1);"_><
</a>
</div>
</li>
All the data-attributes were safe and valid, Is there a way to customize
sanitizer to not do that ?
--
---
You received this message because you are subscribed to the Google Groups
"Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
