andresriancho / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

Antisamy 1.4.5+ replaces blanks with a new line #178

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Pass the string {"A":"B C","D":"EF","G":"H I"} through antisamy version >= 1.4.5
2.
3.

What is the expected output? What do you see instead?
Expected -
{"A":"B C","D":"EF","G":"H I"}
Actual Output
{"A":"B\nC","D":"EF","G":"H I"}

The space between B and C is replaced with a new line.

What version of the product are you using? On what operating system?
Have observed this bug right from version 1.4.5 to 1.5.3. OS is Windows 7 Professional.

Please provide any additional information below.

Passing the string {"A":"B C","D":"EF","G":"H I"} through antisamy 1.4.5 replaces the space between B and C with a new line.
{"A":"B C","D":"EF","G":"H I"} => {"A":"B\nC","D":"EF","G":"H I"}
This works fine in 1.4.4.
{"A":"B C","D":"EF","G":"H I"} => {"A":"B C","D":"EF","G":"H I"}

Works fine on 1.4.5 if the space between H and I is removed
{"A":"B C","D":"EF","G":"HI"} => {"A":"B C","D":"EF","G":"HI"}

Original issue reported on code.google.com by anshalm...@gmail.com on 18 Feb 2014 at 5:22

GoogleCodeExporter commented 9 years ago
I had to upgrade antisamy from 1.4.4 recently to use the directive entityEncodeIntlChars for i18n. That's when I observed this bug. This turns a valid JSON into an invalid JSON.

Original comment by anshalm...@gmail.com on 18 Feb 2014 at 5:24

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
Try to change the formatOutput directive in the policy to false (default seems to be true)

<directive name="formatOutput" value="false" /><!-- default: true -->

I'd argue that the default should be false, as I spent a good amount of time trying to figure out this error too and I don't believe antisamy should modify this for most cases.

Original comment by matt...@longsight.com on 4 Jun 2014 at 6:43
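
A regression check for the behaviour reported in this thread, as an added example that is not part of the original issue or of the AntiSamy project: it compares a JSON payload before and after a sanitizer pass and reports whether the output is still valid JSON with the same values. The function names and the sample outputs are constructed here from the strings in the report; it does not call AntiSamy itself, so feed it the sanitizer output from your own pipeline.

```python
import html
import json


def diff_paths(before, after, path="$"):
    """Return the JSON paths whose values differ between two parsed documents."""
    if isinstance(before, dict) and isinstance(after, dict):
        paths = []
        for key in sorted(set(before) | set(after)):
            if key not in before or key not in after:
                paths.append(f"{path}.{key}")
            else:
                paths.extend(diff_paths(before[key], after[key], f"{path}.{key}"))
        return paths
    if isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        paths = []
        for i, (b, a) in enumerate(zip(before, after)):
            paths.extend(diff_paths(b, a, f"{path}[{i}]"))
        return paths
    return [] if before == after else [path]


def check_sanitized_json(original, sanitized):
    """Classify a sanitizer pass as "unchanged", "value_changed" or "invalid_json"."""
    expected = json.loads(original)
    # A sanitizer may entity-encode quotes (&quot;); decode before parsing.
    decoded = html.unescape(sanitized)
    try:
        # json.loads is strict by default: a raw line break inside a string is an error.
        actual = json.loads(decoded)
    except json.JSONDecodeError as exc:
        return "invalid_json", f"{exc.msg} (offset {exc.pos})"
    changed = diff_paths(expected, actual)
    return ("value_changed", changed) if changed else ("unchanged", [])


# Constructed samples based on the strings in the report.
ORIGINAL = '{"A":"B C","D":"EF","G":"H I"}'
REFLOWED = '{"A":"B\nC","D":"EF","G":&quot;H I"}'  # raw line break inside a string
ESCAPED = '{"A":"B\\nC","D":"EF","G":"H I"}'       # two-character \n escape instead

if __name__ == "__main__":
    for label, out in [("same", ORIGINAL), ("reflowed", REFLOWED), ("escaped", ESCAPED)]:
        print(label, check_sanitized_json(ORIGINAL, out))
```

Run as a unit test around the sanitizer call, this fails whenever a library upgrade or a policy change starts reflowing whitespace inside values.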