search

OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Other
843 stars 213 forks source link

CSS 3 and 4 not supported #242

Open lauralanwu opened 2 years ago

lauralanwu commented 2 years ago

As reported in other issues, CSS 3 and 4 properties are not defined in DEFINITIONS in https://github.com/OWASP/java-html-sanitizer/blob/main/src/main/java/org/owasp/html/CssSchema.java

is there a reason to map the DEFINITIONS to lower level CSS? any plan to add CSS 3/4 support or allow customized definitions.

Thanks, Laura

isapir commented 2 years ago

This causes a major issue for us as styles like flex etc. are removed.

There should be a way to allow all CSS properties IMO.