java, owasp, html-sanitizing

Allow a href links to phone numbers in OWASP HtmlPolicyBuilder


I am trying to properly configure the OWASP HtmlPolicyBuilder so that it does not remove the a href tel link from a sample String like this: <p><a href="tel:8888888888">Phone number</a></p>. This is what I have currently:

PolicyFactory policy = new HtmlPolicyBuilder()
   .allowCommonBlockElements()
   .allowStandardUrlProtocols()
   .allowElements("a")
   .allowAttributes("href").onElements("a")
   .toFactory();

But what I end up with after using this is just: <p>Phone number</p>. The a href is completely removed.

What else needs to be added/modified?


Solution

  • I just figured out what I am missing:

    .allowUrlProtocols("tel")
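The two policies side by side, as an added example that is not part of the original question or answer. The class name TelLinkPolicy and the sample inputs are constructed for illustration; the builder calls are the ones shown above, and the OWASP Java HTML Sanitizer jar is assumed to be on the classpath.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Hypothetical demo class; not code from the question or from the OWASP project.
public class TelLinkPolicy {

    // Policy from the question. allowStandardUrlProtocols() permits only
    // http, https and mailto, so a tel: href is rejected. That leaves an
    // <a> with no attributes, which the sanitizer drops by default.
    static PolicyFactory withoutTel() {
        return new HtmlPolicyBuilder()
            .allowCommonBlockElements()
            .allowStandardUrlProtocols()
            .allowElements("a")
            .allowAttributes("href").onElements("a")
            .toFactory();
    }

    // Same policy with the fix from the answer: "tel" is added to the
    // allow-list of URL schemes. Every scheme not listed stays blocked.
    static PolicyFactory withTel() {
        return new HtmlPolicyBuilder()
            .allowCommonBlockElements()
            .allowStandardUrlProtocols()
            .allowUrlProtocols("tel")
            .allowElements("a")
            .allowAttributes("href").onElements("a")
            .toFactory();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the tel: link from the question, a
        // standard https link, and a scheme that neither policy allows.
        String[] samples = {
            "<p><a href=\"tel:8888888888\">Phone number</a></p>",
            "<p><a href=\"https://example.com/\">Site</a></p>",
            "<p><a href=\"javascript:alert(1)\">Click</a></p>"
        };
        for (String html : samples) {
            System.out.println("input:       " + html);
            System.out.println("without tel: " + withoutTel().sanitize(html));
            System.out.println("with tel:    " + withTel().sanitize(html));
            System.out.println();
        }
    }
}
```

Running both policies over the same inputs is a quick regression check that adding a scheme to the allow-list widened the policy by exactly that scheme and nothing else.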