mganss / HtmlSanitizer

Cleans HTML to avoid XSS attacks
MIT License

Normal text returned as HTML decoded value #386

Closed vishal6code closed 2 years ago

vishal6code commented 2 years ago

When we use the input `statement &paragraph`, it is returned in HTML-encoded format as `statement ¶graph` instead of the complete text. This can also be tested at https://xss.ganss.org/

mganss commented 2 years ago

This is expected behavior: See #190 and #362.
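The decoding reported in this issue is standard HTML5 character-reference handling rather than anything specific to the sanitizer: `&para` is one of the legacy named references that a parser recognises even without a trailing semicolon, so `&paragraph` is read as `¶` followed by `graph`. As an added example (not code from the project or from this thread), Python's `html` module, which implements the same named-reference table, shows the mechanism, a check for text that a parser would alter, and the usual fix of escaping plain text before it is handed to an HTML parser. The sample strings are constructed.

```python
import html

# Constructed sample input, matching the one reported in the issue.
SAMPLE_INPUT = "statement &paragraph"


def decode_as_html_text(s: str) -> str:
    """Decode character references the way an HTML5 parser does.

    html.unescape uses the HTML5 named-reference table, including the legacy
    names recognised WITHOUT a trailing semicolon (e.g. '&para' -> '¶'), so
    '&paragraph' decodes to '¶graph'. A name that matches no reference is
    left untouched.
    """
    return html.unescape(s)


def is_altered_by_html_parsing(s: str) -> bool:
    """True when feeding s to an HTML parser as markup would change the text.

    Useful as a pre-check for fields that are meant to carry plain text:
    if this returns True, the value must be escaped before it is embedded.
    """
    return decode_as_html_text(s) != s


def encode_for_html_text(s: str) -> str:
    """Escape plain text so an HTML parser reproduces it verbatim.

    '&' becomes '&amp;', so the parser can no longer read '&para' as a
    reference; decoding the escaped form yields the original text again.
    """
    return html.escape(s, quote=True)


def round_trip(s: str) -> str:
    """Escape plain text, then decode it as HTML: should return s unchanged."""
    return decode_as_html_text(encode_for_html_text(s))


if __name__ == "__main__":
    for text in (SAMPLE_INPUT, "statement &xyzzy", "plain text"):
        print(f"{text!r:28} -> decoded {decode_as_html_text(text)!r:28} "
              f"altered={is_altered_by_html_parsing(text)} "
              f"round_trip={round_trip(text)!r}")
```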