Replies: 2 comments
-
Here's what that would look like as a diff:
-
@Frooodle would this be something you’d be open to behind a custom-settings flag? Like If so, I can see how you did that to disable sanitation entirely, and try to come up with a suitable PR.
-
The current HTML sanitizer strips colspan. This is because the underlying library, java-html-sanitizer: its table rules don’t include colspan, rowspan in their whitelist.
There is an open pull request to OWASP java-html-sanitizer to allow colspan, rowspan, to tables in the library, but it’s been open for more than a year.
What are the thoughts on modifying the CustomHtmlSanitizer to allow? colspan is a nice tool to use for inline headers in tables. But I don’t know what the security implications are.
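On the security question raised in the post, an added example (not code from this discussion, the project's CustomHtmlSanitizer, or the open library pull request): one way to allow colspan and rowspan with OWASP java-html-sanitizer while keeping the allowlist narrow. The class name, the 1..999 limit and the sample inputs are assumptions made for illustration.

```java
import java.util.regex.Pattern;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

// Hypothetical stand-alone class; not the project's CustomHtmlSanitizer.
public class TableSpanPolicyExample {

    // Assumed limit: a plain decimal integer from 1 to 999, nothing else.
    // Anything that is not a full match causes the attribute to be dropped.
    private static final Pattern SPAN = Pattern.compile("[1-9][0-9]{0,2}");

    // Adds only colspan/rowspan, and only on table cells. td/th are
    // re-declared here so the attribute rule is attached to an allowed
    // element when this policy is joined with the stock table policy.
    static final PolicyFactory SPAN_ATTRS = new HtmlPolicyBuilder()
            .allowElements("td", "th")
            .allowAttributes("colspan", "rowspan")
            .matching(SPAN)
            .onElements("td", "th")
            .toFactory();

    // Stock table rules from the library plus the two span attributes.
    static final PolicyFactory POLICY = Sanitizers.TABLES.and(SPAN_ATTRS);

    static String sanitize(String untrustedHtml) {
        return POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            // Well-formed span: the attribute matches the pattern.
            "<table><tr><th colspan=\"3\">Header</th></tr></table>",
            // Non-numeric value: fails the pattern.
            "<table><tr><td colspan=\"3;x\">a</td></tr></table>",
            // Oversized value: fails the 1..999 limit.
            "<table><tr><td rowspan=\"100000\">a</td></tr></table>",
            // colspan on an element outside td/th is not covered by the rule.
            "<table colspan=\"2\"><tr><td>a</td></tr></table>",
            // Event-handler attribute next to a valid span is not allowlisted.
            "<table><tr><td colspan=\"2\" onclick=\"x()\">a</td></tr></table>",
        };
        for (String s : samples) {
            System.out.println(sanitize(s));
        }
    }
}
```

Restricting the value with a pattern, rather than allowing the attribute unconditionally, keeps the change to "small positive integers on td and th" and nothing more.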