On 2010/08/16 23:39:47, tbroyer wrote:
The HtmlSanitizer is a good idea, but the implementation is very weak [2].

Note that the API is what is important, and SimpleHtmlSanitizer is just that, a simple implementation. A more involved implementation can be added later.

Also, we aren't trying to parse HTML with a regex here, it simply looks for opening tags and allows unescaped on a small set of whitelisted tags -- everything else gets escaped. If you think it fails to do its job, can you supply a string which would not be properly sanitized?

http://gwt-code-reviews.appspot.com/771801/show

--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
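
Added example, not part of the original message and not GWT's SimpleHtmlSanitizer code: a sketch of the approach the reply describes, passing through a small allowlist of attribute-free tags and escaping everything else. The class name, the tag set and the sample strings are assumptions constructed for illustration.

```java
import java.util.Set;

public class AllowlistSanitizerSketch {
    // Assumed allowlist for illustration; the message does not list the tags.
    private static final Set<String> ALLOWED = Set.of("b", "i", "em", "ul", "ol", "li");

    // Escape every character that is significant in HTML text or attributes.
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    static String sanitize(String html) {
        StringBuilder out = new StringBuilder();
        // Every segment after the first was preceded by a '<' in the input.
        String[] segments = html.split("<", -1);
        out.append(escape(segments[0]));
        for (int i = 1; i < segments.length; i++) {
            String seg = segments[i];
            int close = seg.indexOf('>');
            String name = close > 0 ? seg.substring(0, close) : "";
            String bare = name.startsWith("/") ? name.substring(1) : name;
            if (ALLOWED.contains(bare)) {
                // Exact match only: "<b>" or "</b>", no attributes, no whitespace.
                out.append('<').append(name).append('>');
                out.append(escape(seg.substring(close + 1)));
            } else {
                // Unknown tag, tag with attributes, or a stray '<': escape it all.
                out.append("&lt;").append(escape(seg));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] samples = {                      // constructed inputs
            "Hello <b>world</b>",                 // allowlisted tag is kept
            "<b onclick=\"x()\">bold</b>",        // attribute makes the tag escaped
            "<script>alert(1)</script>",          // non-allowlisted tag is escaped
            "a < b && c > d"                      // stray angle brackets are escaped
        };
        for (String s : samples) {
            System.out.println(sanitize(s));
        }
    }
}
```

Because only exact tag names match, an allowlisted tag carrying any attribute is escaped rather than passed through. The sketch does not balance tags, so a closing tag can survive when its opening tag was escaped.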
