OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Issue when using < as the comparison string #240

Open adelebendayan opened 2 years ago

adelebendayan commented 2 years ago

Hi, is there a way to sanitize something like "If b is 0 and a is 1 then b<a"? The sanitizer recognizes <a as an HTML tag, and it looks like it's adding the closing tag and then it's going through the sanitizer, so something like

import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

String entryText = "If b is 0 and a is 1 then b<a";
// toFactory() returns a PolicyFactory (an empty policy: no elements allowed)
PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
String result = policy.sanitize(entryText);

will return "If b is 0 and a is 1 then b". I'm expecting "If b is 0 and a is 1 then b&lt;a".

(Note that if the entry text is "If b is 0 and a is 1 then b< a", then the result is as expected: "If b is 0 and a is 1 then b&lt; a".)

csware commented 1 year ago

If you have plain text, you might not need to sanitize (valid) HTML but rather to escape HTML special characters.

csware commented 8 months ago

Duplicate of issue #173?
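The two routes discussed in this thread side by side, as an added example that is not part of the original issue or of the java-html-sanitizer project: sanitizing the reporter's string as HTML through an empty policy (the call shown in the report), versus escaping it as plain text, which is what the second comment recommends. The escapeHtml helper below is a hand-written illustration, not a library API, and the surrounding class name is an assumption; the sanitize output is whatever the library produces for the input (the report above says the "<a" is dropped).

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Hypothetical class name; added example, not project code.
public class EscapeVsSanitize {

    // Minimal plain-text escaper written for this example (not a library API).
    // It neutralises the five characters that can change meaning in HTML
    // text or attribute context, so the output is safe to embed as text.
    static String escapeHtml(String plainText) {
        StringBuilder sb = new StringBuilder(plainText.length() + 16);
        for (int i = 0; i < plainText.length(); i++) {
            char c = plainText.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input, taken from the report above.
        String entryText = "If b is 0 and a is 1 then b<a";

        // Route 1: treat the input as HTML and sanitize it. An empty policy
        // allows no elements, and "<a" followed by end-of-input is parsed as
        // the start of an anchor tag, so that part of the text is removed.
        PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
        System.out.println("sanitize: " + policy.sanitize(entryText));

        // Route 2: treat the input as plain text and escape it. The '<' is
        // turned into "&lt;", so the browser renders the comparison verbatim.
        System.out.println("escape:   " + escapeHtml(entryText));
    }
}
```

The choice between the two routes has to be made by the caller per field: the sanitizer cannot tell a comparison operator from a tag start, because in an HTML tokenizer a "<" immediately followed by an ASCII letter begins a tag (which is why "b< a" survives in the report but "b<a" does not). Fields that hold user-typed text should be escaped; only fields that are genuinely meant to carry markup should go through the sanitizer. Do not apply both to the same value, since sanitizing already-escaped text double-encodes it.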