goodcui / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

Tags with special characters under certain circumstances don't seem to be rejected. #93

Closed. GoogleCodeExporter closed this 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Try using input like <b'lockquote>aaaa</b'lockquote>

What is the expected output? What do you see instead?

I would expect this to be filtered out, but instead it gets turned into 
<b>aaaa</b>

What version of the product are you using? On what operating system?

AntiSamy 1.4.1 using the "myspace" policy. Haven't tried other policies.

Please provide any additional information below.

I don't believe this is a security risk, since even the <b>, etc. still goes 
through the validation process, but it does seem like odd behavior, i.e. 
<bl'ockquote>aaaa</bl'ockquote> gets turned into <bl>aaaa</bl> and is correctly 
rejected. 

Original issue reported on code.google.com by wvinc...@gmail.com on 4 Nov 2010 at 7:19

GoogleCodeExporter commented 9 years ago
Interesting. What OS/JRE?

Original comment by arshan.d...@gmail.com on 15 Nov 2010 at 9:44

GoogleCodeExporter commented 9 years ago
Windows XP,  JavaSE 1.6.0_02

Original comment by wvinc...@gmail.com on 15 Nov 2010 at 9:50

GoogleCodeExporter commented 9 years ago
I think this is strange but unexploitable behavior. Marking as "WontFix" since 
the questionable behavior occurs in HTML processing by NekoHTML.

Original comment by arshan.d...@gmail.com on 3 Feb 2011 at 8:34
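The behavior in this thread comes down to where the HTML parser in front of the policy decides a tag name ends. The following is an added example written for this page; it is not NekoHTML or AntiSamy code, and the tag allowlist, the two name-scanning rules and the inputs are constructed for illustration. The lenient rule models what the reporter observed (the name stops at the first character that is not a letter or digit, and the rest of the tag is discarded as attribute junk), so <b'lockquote> reaches the policy as b and survives while <bl'ockquote> reaches it as bl and is rejected. The second rule follows the HTML5 tokenizer, where a tag name runs until whitespace, / or >, so the same input reaches the policy as b'lockquote and is rejected outright.

```python
import re

# Constructed allowlist standing in for a policy's permitted elements.
ALLOWED_TAGS = {"b", "i", "p", "blockquote"}

# Lenient rule (model of the behavior reported in this issue, not NekoHTML's code):
# the tag name is the leading run of letters/digits; anything else up to '>' is
# dropped as attribute junk.  <b'lockquote> therefore yields the name "b".
LENIENT_TAG_RE = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>")

# HTML5 tokenizer rule: after the first letter the tag name continues until
# whitespace, '/' or '>'.  <b'lockquote> therefore yields the name "b'lockquote".
HTML5_TAG_RE = re.compile(r"<(/?)([A-Za-z][^\s/>]*)[^>]*>")


def tokenize(html, tag_re):
    """Yield ('start'|'end', name) for tags and ('text', s) for the text between them."""
    pos = 0
    for m in tag_re.finditer(html):
        if m.start() > pos:
            yield ("text", html[pos:m.start()])
        kind = "end" if m.group(1) else "start"
        yield (kind, m.group(2).lower())
        pos = m.end()
    if pos < len(html):
        yield ("text", html[pos:])


def sanitize(html, tag_re, allowed=ALLOWED_TAGS):
    """Re-serialize the input keeping only allowed elements.

    Returns (clean_html, rejected_names).  Text escaping is deliberately left
    out; the point of this model is which element name the policy gets to see.
    """
    out, rejected = [], []
    for kind, value in tokenize(html, tag_re):
        if kind == "text":
            out.append(value)
        elif value in allowed:
            out.append(f"</{value}>" if kind == "end" else f"<{value}>")
        else:
            rejected.append(value)
    return "".join(out), rejected


if __name__ == "__main__":
    for sample in ("<b'lockquote>aaaa</b'lockquote>", "<bl'ockquote>aaaa</bl'ockquote>"):
        print(sample)
        print("  lenient:", sanitize(sample, LENIENT_TAG_RE))
        print("  html5:  ", sanitize(sample, HTML5_TAG_RE))
```

Under the lenient rule the first sample becomes <b>aaaa</b> with nothing rejected and the second becomes aaaa with bl rejected twice, matching the two outcomes described in the report; under the HTML5 rule both samples lose their tags. Either way the policy is applied to whatever element name the parser hands it, which is why the thread concludes this is odd but not exploitable: the element the policy checks is the same one that gets serialized back out.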