Installs custom attribute policies for the attributes provided in the list.
This can be used either on non-whitelisted attributes, effectively extending
the attribute whitelist, or on attributes that are whitelisted and already
have a policy, to override their policies.
IMPORTANT: Uses of this method must be carefully security-reviewed to ensure
that the new tags do not introduce untrusted code execution or unsanctioned
network activity.
| Parameters | | justification | goog.string.Const | | A constant string explaining why
the addition of these attributes to the whitelist is safe. May include a
security review ticket number.
| | builder | goog.html.sanitizer.HtmlSanitizer.Builder | | The builder
whose attribute whitelist should be extended.
| | attrs | Array<(string|{attributeName: string, policy: (function(string, {attributeName: (string|undefined), cssProperty: (string|undefined), tagName: (string|undefined)}=, {cssStyle: (CSSStyleDeclaration|null|undefined)}=, function(string, ?=, ?=, ?=): (string|null)=): (string|null)|null), tagName: string})> | | A list of attributes whose policy should be overridden. Attributes
can come in of two forms:
- string: allow all values and just trim whitespaces for this attribute
on all tags.
- HtmlSanitizerAttributePolicy: allows specifying a policy for a
particular tag. The tagName can be '*', which means all tags. If no
policy is passed, the default is allow all values and just trim
whitespaces.
The tag and attribute names are case-insensitive.
|
|
|---|
| Returns | |
|---|