atkayla
Reputation: 8859
How to relax Google Caja HTML Sanitizer? It's sanitizing too much
I am using Google Caja HTML Sanitizer (https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer), however it is sanitizing things I don't want it to.
Sometimes I want to input data in a format similar to:
Bob <Carpenter>
but this becomes:
Bob
Upvotes: 2
Views: 415
Answers (1)
user149341
Reputation:
Caja sanitizes HTML. <Carpenter> isn't valid HTML. Therefore, it gets sanitized.
If the data you're inputting isn't actually HTML, don't run it through Caja.
Upvotes: 3
Related Questions
- How to allow all font-family values on sanitize-html?
- Sanitise/strip Javascript from HTML
- Sanitize <script> element contents
- node.js \ sanitize html and also remove tags
- How to whitelist tags with Google's Caja HTML Sanitizer under node.js?
- Link sharing - Google Caja HTML Sanitizer
- Cajoling in Server Side
- google caja not building
- Google caja - Block malicious code
- Cleaning mixed type <script> tags