Configuring exclusions for `Encode.forHtml()`
sgsvnk opened this issue · 5 comments
Hi
I'm trying to exclude a few HTML tags from getting encoded through Encode.forHtml()
. If I understand correctly, the encoder encodes all HTML tags within HTML contexts. Can you please help me understand if I can configure the encoder to exclude a list of HTML tags?
Sorry for the delayed reply. It sounds like you are looking more for something like an HTML sanitizer like DOM Purify - https://github.com/cure53/DOMPurify
I wanted to do something on the server side, which is Java in my case. I was exploring DOMPurify
but I will either have to do on an intermediate NodeJS server or on the front-end, and I can do neither in my case.
Thanks for your support. I needed to do this server side, I ended up using owasp-html-sanitizer
as suggested.