Extra characters got added during sanitization of html

OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Other

834 stars 209 forks source link

Extra characters got added during sanitization of html #261

Closed arpitbansal1581 closed 2 years ago

arpitbansal1581 commented 2 years ago

Thanks for reporting an issue.

Please report security vulnerabilities via OWASP's vulnerability rewards program.

Please report all other feature requests and issues here.

For bugs, please include

any input that causes the problem
any policy code related to the problem if you can
the output you expect

If you're having trouble putting HTML in markdown, try using an HTML code block:

```html
HTML goes here

arpitbansal1581 commented 2 years ago

Hi,

We are using this owasp-java-html-sanitizer-20211018.2.jar library for sanitization of the custom generated HTML, we came across the following situation when we got extra characters in html code as during sanitization.

Input -> {1:F21TEMPBIC}{4:{177:2203031005}{451:0}}{{311:ACK}{108:MA33A03110SZ0TFC}} Output -> {1:F21TEMPBIC}{4:{177:2203031005}{451:0}}{ {311:ACK}{108:MA33A03110SZ0TFC}}

It will be great if someone can guide me on how to handle this situation or it can be considered as an enhancement or bugfix.

arpitbansal1581 commented 2 years ago

Not properly raised , need to reopen new one