如何使用Antisamy允许所有SVG元素及其属性?

时间:2014-09-17 09:20:23

标签: java html security xss antisamy

我想使用Antisamy允许所有svg元素及其属性。我怎么做?我尝试在Antisamy策略文件中包含所有元素及其属性,并将正则表达式设置为允许任何字符串为。*。但是我收到以下错误消息

The svg tag contained an attribute that we could not process. 
The xmlns attribute had a value of "\"http://www.w3.org/2000/svg\"". 
This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.

The width attribute had a value of "\"593\"". This value could not be accepted for security reasons.

还有许多其他标签的错误消息。有没有什么方法可以允许这些标签而不在策略文件中添加所有这些标签?

对此有任何帮助将不胜感激。谢谢!

0 个答案:

没有答案