Nice. I’m a big fan of java html sanitizer.
I assume we would be building policies?
Is there a simple way to get an empty policy builder? Or would it just be recommended to do something like?
var policyBuild = createObject( "java", "org.owasp.html.HtmlPolicyBuilder" )
add your rules, and then call .toFactory()
?
I would recommend that if no policy was passed, that it default to nothing allowed (an empty policy), rather than all the built-ins. I.e., IMO, it should only allow elements on purpose.
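
The default-deny fallback suggested above, sketched in CFML as an added example (not part of the original post and not the project's own code). `sanitizeHTML()`, its arguments and the sample markup are hypothetical; the Java classes and methods are those of the OWASP Java HTML Sanitizer, which is assumed to be on the class path.

```cfml
<cfscript>
// Hypothetical wrapper: when the caller passes no policy, fall back to an
// empty HtmlPolicyBuilder, which allows no elements and no attributes.
function sanitizeHTML( required string html, any policy ) {
    if ( isNull( arguments.policy ) ) {
        arguments.policy = createObject( "java", "org.owasp.html.HtmlPolicyBuilder" )
            .init()
            .toFactory();
    }
    return arguments.policy.sanitize( arguments.html );
}

// Constructed sample input: markup mixing harmless and active content.
dirty = '<p onclick="track()">Hi <b>there</b>, see '
      & '<a href="javascript:alert(1)">this</a> or '
      & '<a href="https://example.com/">that</a>'
      & '<script>alert(1)</script></p>';

// 1. No policy passed: every tag is stripped, only text content is kept.
denyAll = sanitizeHTML( dirty );

// 2. A policy that allows elements on purpose: three tags, one attribute
//    on one element, one URL scheme. Everything else is still removed.
//    javaCast() builds the String[] that the Java varargs methods expect.
commentPolicy = createObject( "java", "org.owasp.html.HtmlPolicyBuilder" )
    .init()
    .allowElements( javaCast( "string[]", [ "p", "b", "a" ] ) )
    .allowAttributes( javaCast( "string[]", [ "href" ] ) )
        .onElements( javaCast( "string[]", [ "a" ] ) )
    .allowUrlProtocols( javaCast( "string[]", [ "https" ] ) )
    .requireRelNofollowOnLinks()
    .toFactory();
allowListed = sanitizeHTML( dirty, commentPolicy );

// 3. The library's built-ins, combined. This is the broader surface that
//    a "no policy passed" default would otherwise switch on implicitly.
sanitizers = createObject( "java", "org.owasp.html.Sanitizers" );
builtIns   = sanitizeHTML( dirty, sanitizers.FORMATTING.and( sanitizers.LINKS ) );

// Show the three results side by side, encoded so the markup is visible.
for ( result in [ denyAll, allowListed, builtIns ] ) {
    writeOutput( "<pre>" & encodeForHTML( result ) & "</pre>" );
}
</cfscript>
```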