Closed GoogleCodeExporter closed 8 years ago
Yes, this is really intended behavior. The greater-than signs used in the
comparisons
appear to AntiSamy like they're unknown HTML tags, or even a fragmented HTML
attack
meant to bypass attack signatures.
If this is the type of data you're expecting (not HTML) you're better off with a
strictly HTML-encoding function, like encodeForHTML() in the OWASP ESAPI
project.
Original comment by arshan.d...@gmail.com
on 23 Mar 2010 at 6:29
Original issue reported on code.google.com by
ulf.ekst...@gmail.com
on 17 Mar 2010 at 11:52