OK - we have an invalid/insecure tag in HTML, like:
foo <a onclick="alert('alert');">bar</a>
Now the resulting string will be only: "foo"
It would be nice to decide between options:
1. totally remove <a> tag (like now), so result is just "foo"
2. remove only invalid attributes, so the result is "foo <a>bar</a>"
3. remove <a> tag, but keep its inner html: "foo bar"
Original issue reported on code.google.com by maciej.l...@gmail.com on 31 Jan 2014 at 7:54
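
The three behaviours requested above, side by side, as an added example (not code from the project this issue was filed against). The allowlist, the mode names and the sanitize() helper are assumptions made for illustration, built on Python's standard html.parser; tags that are not on the allowlist at all are removed with their content in every mode.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this sketch: tag -> permitted attributes. "href" is left
# out because keeping it safely would also need URL-scheme validation.
ALLOWED = {"a": {"title"}, "b": set(), "i": set(), "p": set()}
VOID = {"br", "hr", "img", "input", "link", "meta"}  # elements with no end tag
SAMPLE = "foo <a onclick=\"alert('alert');\">bar</a>"  # the input from the report

class _Sanitizer(HTMLParser):
    def __init__(self, mode):
        super().__init__(convert_charrefs=True)
        self.mode, self.out, self.stack = mode, [], []  # stack: (tag, action)

    def _suppressed(self):
        return any(action == "drop" for _, action in self.stack)

    def handle_starttag(self, tag, attrs):
        allowed = ALLOWED.get(tag)
        if allowed is None:
            action = "drop"  # tag not on the allowlist (e.g. script): always removed
        elif all(name in allowed for name, _ in attrs):
            action = "keep"
        else:  # known tag with a disallowed attribute: the three options differ here
            action = "keep" if self.mode == "strip_attributes" else self.mode
        if action == "keep" and not self._suppressed():
            kept = "".join(' %s="%s"' % (n, escape(v or ""))
                           for n, v in attrs if n in allowed)
            self.out.append("<%s%s>" % (tag, kept))
        if tag not in VOID:
            self.stack.append((tag, action))

    def handle_endtag(self, tag):
        if self.stack and self.stack[-1][0] == tag:  # stray end tags are ignored
            _, action = self.stack.pop()
            if action == "keep" and not self._suppressed():
                self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self._suppressed():
            self.out.append(escape(data, quote=False))

def sanitize(html, mode):
    if mode not in ("drop", "strip_attributes", "unwrap"):  # options 1, 2, 3
        raise ValueError("unknown mode: %r" % mode)
    parser = _Sanitizer(mode)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Text is re-escaped on output and the space before the removed tag is preserved, so option 1 on the sample input yields "foo " with its trailing space.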