OWASP Java HTML Sanitizer Change Log
- Better handling of supplementary codepoints to avoid
UTF-16/UCS-2 confusion in browsers.
- Added new HTML5 URL attributes to list used to
safeguard URL attributes in
HtmlPolicyBuilder
.
- Changed
HtmlSanitizer.sanitize
to allow
null
as a valid value for the HTML snippet.