Closed lread closed 2 years ago
Aha! It was a newbie question!
For my above use case, I now see that I can
allowUrlProtocols
or allowStandardUrlProtocols
allowAttributes
(on for example href
) matching
with FilterUrlByProtocolAttributePolicy
which specifies the protocols I'd like to allow (for example http
, https
and mailto
) onElements
(for example a
).Which allows me to express my use case nicely.
Thanks!
First and foremost, thanks so much for creating the java-html-sanitizer. Such a nice and useful contribution to the open-source world!
My Question
I'm not sure if this is a valid, or merely a newbie, question. My apologies if it is the latter.
I'm experimenting with implementing a policy that restricts URL protocols differently for different HTML elements->attributes.
As far as I can tell, the default support is applying allowed URL protocols globally. Is that right?
For example, can I somehow use
allowUrlProtocols
to express that I'd like to:http
,https
andmailto
forhref
ona
elements,http
andhttps
forsrc
onimg
elements?Maybe this is not an interesting thing to do, I'm not sure. I got the idea that it might be interesting when looking at the html-pipeline sanitization filter.