OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

check html special letter in StandardUrlAttributePolicy #221

Closed yangbongsoo closed 3 years ago

yangbongsoo commented 3 years ago

@saaspeter @mikesamuel

How about checking the HTML special letters, e.g. &#97?

mikesamuel commented 3 years ago

I thought issue #213 was not an actual vulnerability.

yangbongsoo commented 3 years ago

I agree with you. I wanted to show you that this PR code can filter it. But I don't think this task is very necessary either.

I'll close this PR.