cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

When passing html entities along with html tags, the html entities are converted into specific characters. #818

Closed o251298 closed 1 year ago

o251298 commented 1 year ago

Hello, I am using version "dompurify@2.2.9". When passing html entities along with html tags, the html entities are converted into specific characters. Example: input: Rodzaje zacieraczek do tynków i ich charakterystyka;

expected: Rodzaje zacieraczek do tynków i ich charakterystyka
actual: Rodzaje zacieraczek do tynków i ich charakterystyka

o251298 commented 1 year ago

[Input image] [Output image]

cure53 commented 1 year ago

That is likely what either the browser or jsdom does internally, and nothing we can easily handle. If you want to change the behavior, I recommend checking what can be done using a hook.
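The behaviour reported above is the HTML parser's, not DOMPurify's: the browser (or jsdom) decodes `&oacute;` into the character U+00F3 inside a text node before DOMPurify walks the tree, and the returned string is the `innerHTML` serialization of the cleaned body, which only re-escapes `&`, `<`, `>` and the non-breaking space in text. Both forms are equivalent HTML, so nothing about the sanitization changes. It also means a hook cannot restore the reference: writing `&oacute;` into a node's `textContent` from a hook would serialize as `&amp;oacute;`. If the original presentation matters, the place to re-encode is the string DOMPurify returns, never the input (escaping `&` before sanitizing would corrupt real markup). The following is an added example, not DOMPurify's code or the maintainer's suggestion; the named-reference map is a hand-picked partial list, the sample string is constructed to match the reporter's text, and the `DOMPurify.sanitize(dirty)` call shape in the comment is assumed usage rather than something this block loads.

```javascript
// Added example, not DOMPurify's own code: re-encode non-ASCII characters in
// the string DOMPurify returns, so that "ó" comes back out as "&oacute;".

// Partial, hand-constructed map of code points to named references.
// Anything not listed falls back to a hexadecimal numeric reference,
// which every HTML parser decodes to the same character.
const NAMED_REFERENCES = new Map([
  [0x00a0, 'nbsp'],
  [0x00a9, 'copy'],
  [0x00e4, 'auml'],
  [0x00e9, 'eacute'],
  [0x00f1, 'ntilde'],
  [0x00f3, 'oacute'],
]);

/**
 * Replace every code point above U+007F in `html` with a character
 * reference. Iterates by code point (for...of), so an astral character such
 * as an emoji becomes one reference instead of two surrogate halves.
 * ASCII, including the &amp; / &lt; / &gt; the serializer already emitted,
 * is passed through untouched, so the result is HTML equivalent to the input.
 */
function encodeNonAscii(html) {
  let out = '';
  for (const ch of html) {
    const cp = ch.codePointAt(0);
    if (cp <= 0x7f) {
      out += ch;
    } else if (NAMED_REFERENCES.has(cp)) {
      out += `&${NAMED_REFERENCES.get(cp)};`;
    } else {
      out += `&#x${cp.toString(16).toUpperCase()};`;
    }
  }
  return out;
}

// Constructed sample: what DOMPurify.sanitize() returns for the reporter's
// input once the parser has decoded the entity (U+00F3 written as an escape
// so the sample is unambiguous).
const SANITIZED_SAMPLE =
  '<p>Rodzaje zacieraczek do tynk\u00f3w i ich charakterystyka</p>';

// Intended use next to DOMPurify (assumed call shape; DOMPurify is not
// loaded in this self-contained example):
//   const clean = encodeNonAscii(DOMPurify.sanitize(dirty));
function demo() {
  return encodeNonAscii(SANITIZED_SAMPLE);
}

console.log(demo());
// → <p>Rodzaje zacieraczek do tynk&oacute;w i ich charakterystyka</p>
```

Because the encoder only touches code points above U+007F and leaves the serializer's own `&amp;`, `&lt;` and `&gt;` alone, it cannot create a new tag or attribute boundary; DOMPurify has already dropped elements whose names contain non-ASCII characters, so every character it rewrites sits in text or an attribute value.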