Comment #3 on issue 62 by sa3ruby: Sanitizer does not allow stripping of tags http://code.google.com/p/html5lib/issues/detail?id=62
My inclination is to flip this entirely. It seems inconsistent that evil CSS is stripped, and unknown attributes are stripped, but unknown elements are escaped, and escaped poorly (what happens if an attribute for this element has a double quote in it?). I mean, who wants to see <object> tags. It is bad enough that YouTube videos are stripped, but rubbing salt in the would by showing a bunch of gibberish seems entirely unnecessary. I'd suggest a expose_disallowed_elements=False class variable which can be set to True if somebody really wants the current behavior. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "html5lib-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/html5lib-discuss?hl=en-GB -~----------~----~----~----~------~----~------~--~---
