1049884729 / owasp-java-html-sanitizer

Automatically exported from code.google.com/p/owasp-java-html-sanitizer

Single and double quotes encoded in text nodes #18

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Pass an input string with ' or " - for example: <div>And he said, "Hello."</div>
2. ' or " characters come back encoded

What is the expected output? What do you see instead?
I would expect that quotes within text nodes don't get encoded.

What version of the product are you using? On what operating system?
r209, Linux

Please provide any additional information below.

I already saw issue 15: 
http://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=15

To answer the question that wasn't answered in that issue - "How is this 
causing problems though?" - it causes a problem in rich text editors.

We expect that the user can enter text in a rich text editor; this includes 
quotes.  When that data gets stored and returned again in another/the same 
page, they should see the ' or " they entered, not the encoded version of that 
string.

Original issue reported on code.google.com by brian.wy...@oracle.com on 9 Sep 2013 at 3:34

GoogleCodeExporter commented 9 years ago
Correction: spoke too soon, there is no issue here at all.  Passing the result 
of PolicyFactory.sanitize(string) to our rich text editors works just fine.  
Please close this issue.

Original comment by brian.wy...@oracle.com on 9 Sep 2013 at 9:44

GoogleCodeExporter commented 9 years ago
I'm glad you figured out your problem.  Happy sanitizing.

Original comment by mikesamuel@gmail.com on 10 Sep 2013 at 1:56