On Wed, Mar 11, 2015 at 6:34 PM, anil chaurasia <[email protected]> wrote:
> for some reason Caja sanitizer removed all the data-attributes which were > present. > > All the data-attributes were safe and valid, Is there a way to customize > sanitizer to not do that ? > Unfortunately, there's no way to just turn this on, and the HTML whitelist/schema doesn't have a wildcard feature. So it will require some code no matter what. This could be implemented by changing the *tag policy* (in fact, the full Caja sandbox does so with some caveats). See the functions makeTagPolicy, and sanitizeAttribs which it uses, in html-sanitizer.js. You could supply a custom tag policy which does this. Or, if you're interested in contributing a patch to the existing sanitizeAttribs function which enables data-* attributes for everyone, I'd be happy to accept it. -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
