<root>
<tags>
<!--
Collection of tags not changed by sanitizer. Content of elements may still be changed
if contained attributes and protocols are not whitelisted.
Tags not in this collection are HTML encoded so they are rendered by browser as plain text.
-->
<tag>html</tag>
<tag>head</tag>
<tag>meta</tag>
<tag>body</tag>
<tag>a</tag>
<tag>b</tag>
</tags>
<attributes>
<!--
Collection of attributes not removed by sanitizer if they are used in the specified tag.
For example, in this definition, in a "meta" element, only the attributes
"http-equiv" and "content" are allowed.
Input: <meta content="INDEX,NOFOLLOW" name="my_meta"/>
Output: <meta content="INDEX,NOFOLLOW" />
Attributes defined for the special tag ":all" are allowed for any tag in the "tags" collection.
-->
<attribute tag=":all">
<value>style</value>
<value>class</value>
<value>align</value>
</attribute>
<attribute tag="meta">
<value>http-equiv</value>
<value>content</value>
</attribute>
</attributes>
<protocols>
<!--
Collection of protocols not removed by sanitizer if they are used
in the specified attribute and tag.
For example, in this definition, in the "src" attribute of an "img" element,
only "http" and "https" are allowed.
Input: <img src="http://somewebsite.com/a.png" />
Output: <img src="http://somewebsite.com/a.png" />
Input: <img src="ftp://somewebsite.com/a.png" />
Output: <img />
-->
<protocol tag="img" attribute="src">
<value>http</value>
<value>https</value>
</protocol>
<protocol tag="a" attribute="href">
<value>http</value>
<value>https</value>
<value>mailto</value>
</protocol>
</protocols>
</root>