Closed kjeyakanthan closed 10 months ago
Could you please share the version number?
Its 3.0.5. I will try with 3.0.6 as well
Hmmm, upon having a closer look, this should either throw an error (undefined entity, Firefox) or result in different output (Chrome).
What speaks against just using HTML? The XHTML is not really valid - hence what you get back is mangled.
Due to the fact the output is used as parameter in an XSLT transform, the data has to be in XML format (XHTML).
I see, however, the data you shared in the original post is not using valid XML. So, this is kind of a bit contradictory :)
At the end of the day, it's the browser or JSDOM transforming what comes in before we even start sanitizing, so I believe it's not our bug or much we can do here.
Background & Context
We are trying to sanitize user input from a KendoUI Editor component which outputs in XHTML which is later used in a XSL document. The config used is { PARSER_MEDIA_TYPE: 'application/xhtml+xml' }
Bug
Input
<p>abcd</p><p>abcd defg</p><p>efgh</p>
Given output
<p>abcd</p><p></p>
Expected output
<p>abcd</p><p>abcd defg</p><p>efgh</p>