OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Fix : CSS Child Combinator Parsing Bug #297

Closed subbudvk closed 8 months ago

subbudvk commented 9 months ago

https://github.com/OWASP/java-html-sanitizer/commit/241b4b8a6cd37c486b36f12fc135a018881c3e4a#diff-0a08f29a5b7867e56d6aa9f6abe035e32ee9411a8bc96afa9a6acff2a6d6f07fR338

The above commit was made to make parsing consistent with the HTML5 spec, but while this was being rewritten it looks like a regression was introduced when parsing for `>`.

To ensure this entity `>` is part of an HTML comment, it seems to have been checked that the previous two characters are `-`, but with this commit only char - 2 is checked twice. So if a CSS child combinator with a `-` selector is used, it was treated as an error and as a result user CSS was badly stripped. Fixing this and adding a test for it.

Fixes https://github.com/OWASP/java-html-sanitizer/issues/251
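A reduced model of the check described in the comment above, added here as an illustration; it is not code from java-html-sanitizer or from this pull request. The class name, method names and sample strings are hypothetical, and the model assumes the check looks only at the two characters before `>`.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; all names are hypothetical, not the project's own.
public class CommentEndCheck {

    // Intended check: '>' at index gt closes a comment only when both
    // preceding characters are '-', i.e. the text ends in "-->".
    static boolean closesComment(String s, int gt) {
        return gt >= 2 && s.charAt(gt - 1) == '-' && s.charAt(gt - 2) == '-';
    }

    // Regressed check as described in the PR: the character at gt - 2 is
    // tested twice and the one at gt - 1 is never examined.
    static boolean closesCommentRegressed(String s, int gt) {
        return gt >= 2 && s.charAt(gt - 2) == '-' && s.charAt(gt - 2) == '-';
    }

    // Indices of every '>' on which the two checks disagree.
    static List<Integer> disagreements(String s) {
        List<Integer> out = new ArrayList<>();
        for (int i = s.indexOf('>'); i >= 0; i = s.indexOf('>', i + 1)) {
            if (closesComment(s, i) != closesCommentRegressed(s, i)) {
                out.add(i);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "<!-- note -->",     // genuine comment end
            ".menu > .item {}",  // child combinator, no '-' nearby
            ".nav- > .item {}",  // '-' sits two characters before '>'
            ".a-b>.c {}",        // same situation without spaces
        };
        for (String s : samples) {
            System.out.println(s + "  misclassified '>' at " + disagreements(s));
        }
    }
}
```

In this model the two checks differ only where a `-` sits exactly two characters before `>` and the character in between is not `-`, which is the shape a child combinator can take after a selector containing a hyphen.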

subbudvk commented 9 months ago

@mikesamuel @jmanico

log2akshat commented 8 months ago

@subbudvk Thanks for fixing the bug.