I'm using Google Caja on the client side to sanitize HTML for security purposes. However, the styles of different elements are not the same as the ones I'm receiving before being sanitized. I need to keep what's within the tags and I'm trying to figure out how.
As an example, I receive the following HTML:
```html
<div>
  <style>
    .btn-active {
      background-color: green;
    }
  </style>
  <script> alert('Blah');</script>
  <a class="btn-active"></a>
</div>
```
And `html_sanitize(bodyHtml, urlX, idX);` returns:
```html
<div>
  <a class="btn-active"></a>
</div>
```
Ideally, I want to keep the style tags with everything else the same, like so:
```html
<div>
  <style>
    .btn-active {
      background-color: green;
    }
  </style>
  <a class="btn-active"></a>
</div>
```
I've been trying to find a solution everywhere but I can't. I've also looked at the documentation, implemented a custom policy, but even then I can't control the script tags from getting deleted.
Is there a way to do this with Google Caja?
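
If a `<style>` block is retained, its CSS text needs its own filtering in addition to the markup. The following is an added example, not part of the original post and not Caja's code: a strict allowlist filter for the contents of a style block, run on the CSS from the question. The property list, the value pattern, the function names and the `#guest-idX` scope selector are assumptions for illustration.

```javascript
// Assumed allowlist of properties; extend deliberately, one property at a time.
const ALLOWED_PROPS = new Set([
  'background-color', 'color', 'font-size', 'font-weight',
  'margin', 'padding', 'text-align',
]);
// One or more plain class selectors, comma separated: ".a, .b-c"
const SELECTOR_RE = /^\.[a-zA-Z][\w-]*(\s*,\s*\.[a-zA-Z][\w-]*)*$/;
// Values: keywords, numbers, units, hex colours. No parentheses, quotes,
// slashes or backslashes, so url(), expression() and CSS escapes cannot pass.
const VALUE_RE = /^[a-zA-Z0-9#%. -]+$/;

// Keep only "prop: value" pairs that pass both allowlists.
function filterDeclarations(body) {
  const kept = [];
  for (const decl of body.split(';')) {
    const idx = decl.indexOf(':');
    if (idx < 0) continue;
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const value = decl.slice(idx + 1).trim();
    if (ALLOWED_PROPS.has(prop) && VALUE_RE.test(value)) {
      kept.push(`${prop}: ${value};`);
    }
  }
  return kept;
}

// Returns CSS rebuilt only from validated pieces. Every selector is prefixed
// with `scope` (a trusted, caller-supplied container selector) so the kept
// rules cannot restyle the host page. At-rules and anything else that does
// not parse as "class selector { declarations }" is dropped.
function sanitizeCss(cssText, scope) {
  const out = [];
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = ruleRe.exec(cssText)) !== null) {
    const selector = m[1].trim();
    if (!SELECTOR_RE.test(selector)) continue;
    const decls = filterDeclarations(m[2]);
    if (decls.length === 0) continue;
    const scoped = selector.split(',').map(s => `${scope} ${s.trim()}`).join(', ');
    out.push(`${scoped} { ${decls.join(' ')} }`);
  }
  return out.join('\n');
}

// CSS text taken from the <style> block in the question.
const sampleCss = '\n.btn-active {\nbackground-color: green;\n}\n';
console.log(sanitizeCss(sampleCss, '#guest-idX'));
```

The filtered text would go back into a `<style>` element placed inside the container matched by the scope selector, next to the markup the HTML sanitizer returned.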