-
Right now, DiffPanel converts , and & to their entity equivalents and
\n to a . It reverses that transformation when getOutput is called.
This should prevent any malicious HTML from getting inject…
-
Is it possible to inject `alert('xss')` via a translation string, or is there sanitization to prevent this? It's not a new issue but I suspect all translations may be vulnerable to attacks like this. Of…
-
`psm` has a table in its README and docs.rs strips the formatting in the table entirely, mangling the README.
-
> Location of security vulnerability : src/lib/utils.ts line 17
>
> Incomplete multi-character sanitization
>
> Severity : high
>
> Rule ID
> js/incomplete-multi-character-sanitization
>
> …
-
### Exposition
I have been working on a project where most translations are plain text strings without HTML. Our team ran into an issue when the translation contained an ampersand character ('&')…
-
### What happened?
In my [The Sky Isles](https://github.com/World-Smiths/the-sky-isles) world and other worlds where the manifest is distributed, it's undesirable for the HTML description to automati…
-
I wonder if snapwebsites has a built-in HTML sanitization feature, or how one can achieve this?
-
Hi,
We are using this owasp-java-html-sanitizer-20211018.2.jar library for sanitization of the custom generated HTML. We came across the following situation when we got extra characters in html c…
-
Forwarded you the email:
![image (2)](https://user-images.githubusercontent.com/80906500/118521570-29466500-b709-11eb-8e7b-0e8a079eec6b.png)
-
### User Experience
The `` element acts just like the `` (which is currently permitted) but provides a clearer meaning when used on a list of buttons for example. Allowing it would be nice so that li…