search

OWASP / java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Other
833 stars 210 forks source link

Html sanitizer repeatedly adds rel="noopener noreferrer" even if it's pre-exist #306

Closed anudhuri23 closed 5 months ago

anudhuri23 commented 5 months ago

Thanks for reporting an issue.

Please report security vulnerabilities via OWASP's vulnerability rewards program.

Please report all other feature requests and issues here.

### So we are using OWASP/java-html-sanitizer to sanitize the html. It adds noopener noreferrer everytime we sanitize it. It should not add noopener noreferrer if it's already exists in the HTML.

Also note that we have already upgraded the jar to latest one i.e owasp-java-html-sanitizer-20220608.1.jar

For bugs, please include Input

www.bbbbbbb.com

Output I am getting right now

www.bbbbbbb.com

Expected output

www.bbbbbbb.com

### Note I found similar issue https://github.com/OWASP/java-html-sanitizer/issues/145 here which is very old issue but it's not resolved yet. Hence creating new one. Please help me on resolving it. It's urgent

If you're having trouble putting HTML in markdown, try using an HTML code block:

mikesamuel commented 5 months ago

Fixed in e8aa0f1b75ab81eea97ef173fefc023a3e16963d