OWASP Java HTML Sanitizer Change Log

  1. Better handling of supplementary codepoints to avoid UTF-16/UCS-2 confusion in browsers.
  2. Added new HTML5 URL attributes to list used to safeguard URL attributes in HtmlPolicyBuilder.
  3. Changed HtmlSanitizer.sanitize to allow null as a valid value for the HTML snippet.