OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

"<" symbol with text inputs getting cleared after applying the sanitizer #276

Open SasiprabuK opened 1 year ago

SasiprabuK commented 1 year ago

Given inputs are cleared after applying sanitize for "<" with text inputs

Dependency - owasp-java-html-sanitizer version - 20200713.1

import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

String inputText = "Sanitize <Data Check";
// toFactory() returns a PolicyFactory, which is the type that exposes sanitize(String)
PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
String result = policy.sanitize(inputText);

Output: Actual: "Sanitize <Data Check" ==> (after sanitize) ==> "Sanitize <Data Check" - after the < symbol, the further text input is cleared completely. Expected: "Sanitize <Data Check". I have checked with the latest version too, but the same issue still occurs. Please guide me on how to solve this scenario.

ThaKarakostas commented 1 year ago

I think not showing this is the right behavior; try loading it in a browser and it will not show it. Maybe what you need to do for text is to use &lt; instead of <.

csware commented 1 year ago

If you have plain text, you might not need to sanitize HTML but rather to escape HTML special characters.
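The distinction raised in the two replies above (treat plain text by escaping it, not by running it through an HTML sanitizer), shown as an added example that is not part of this issue or of the java-html-sanitizer project. The `HtmlPolicyBuilder` and `PolicyFactory` classes are the library's own; `escapeHtml` and the `SanitizeVsEscape` class are hypothetical helpers written for this example.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

// Added example: contrasts sanitizing a plain-text string with escaping it.
public class SanitizeVsEscape {

    // Hypothetical helper: encode the characters HTML treats as markup so a
    // browser renders the string literally instead of parsing it as tags.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input, the same string as in the issue.
        String inputText = "Sanitize <Data Check";

        // Path 1: treat the input as HTML. An empty policy allows no elements,
        // and "<Data Check" is read by the HTML lexer as the start of a tag,
        // so everything from the '<' onward is removed, as the issue reports.
        PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
        String sanitized = policy.sanitize(inputText);
        System.out.println("sanitized as HTML:    [" + sanitized + "]");

        // Path 2: treat the input as plain text. Escaping keeps every
        // character and the browser displays a literal '<'.
        String escaped = escapeHtml(inputText);
        System.out.println("escaped as text:      [" + escaped + "]");

        // Escaped text can still pass through the sanitizer afterwards: the
        // entity is character data, not a tag, so it is preserved.
        System.out.println("escaped then sanitized: [" + policy.sanitize(escaped) + "]");
    }
}
```

The point to keep in mind when choosing between the two paths: a sanitizer answers "which parts of this HTML may be kept?", while escaping answers "how do I display this string exactly as it is?". If the value was never meant to be HTML, escaping is the correct operation, and passing the escaped result through the sanitizer does not change it.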

csware commented 1 year ago

cf. issue #240