Sanitizers.STYLES not working as advertised about java-html-sanitizer HOT 6 CLOSED

fixed at r229

This issue does not seems to be fixed properly. Try to test with span element 
with no attribute.

"<span> span text </span>"

or with attribute that is not explicitly allowed. 

"<span class="redtext"> span text </span>"

In both case, the span element will be removed even you add 
Sanitizer.FORMATTING or add span to allowed elements manually.

James

Sanitizers.FORMATTING does not white-list class attributes.

Mike

Thank you for the reply. 

But still the empty span element should be allowed with Sanitizers.FORMATTING 
which in fact is not. 

This library works amazing and help us a lot with our work .Thanks for the hard 
work.

James

<span> is, by default, one of the elements that is disallowed without 
attributes.

Certain elements, <img> and <a> for example, are dropped if they have no 
attributes that survive white-listing.  This prevents <img>s with rejected 
src="..."s from showing up as broken.

https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=23 shows 
how to workaround this if you really want attribute-less <span>s in your output.

I think that makes sense. 

Thank you for your reply. Have a good day.