May i know the exact solution to avoid data-attributes getting filtered. Each and every time we are adding manually in xss-protection-config.xml.
For Eg if we have data-src attribute in img tag ,
<img data-src="url"/>
In xss-protection we have added code like below
<tag action="validate" name="img">
<attribute name="src" onInvalid="removeTag">
<regexp-list>
<regexp name="onsiteURL"/>
<regexp name="offsiteURL"/>
</regexp-list>
</attribute>
Is there any permanent fix to avoid data-* attributes getting filtered?