search

mganss / HtmlSanitizer

Cleans HTML to avoid XSS attacks
MIT License
1.52k stars 198 forks source link

Sanitizing HTML throws an exception #469

Closed Sicos1977 closed 9 months ago

Sicos1977 commented 9 months ago

Hi,

I'm using the latest version that is on NuGet. When I try to sanitize the attached HTML it throws the following exception

at System.Text.StringBuilder.Append(String value, Int32 startIndex, Int32 count) at Ganss.Xss.HtmlSanitizer.SanitizeStyleDeclaration(IElement element, ICssStyleDeclaration styles, String baseUrl) at Ganss.Xss.HtmlSanitizer.SanitizeStyle(IElement element, String baseUrl) at Ganss.Xss.HtmlSanitizer.DoSanitize(IHtmlDocument dom, IParentNode context, String baseUrl) at Ganss.Xss.HtmlSanitizer.SanitizeDom(IHtmlDocument document, IHtmlElement context, String baseUrl) at ChromiumHtmlToPdfLib.Helpers.DocumentHelper.SanitizeHtml(ConvertUri inputUri, HtmlSanitizer sanitizer, ConvertUri& outputUri, List`1& safeUrls) in C:\XXXXX\ChromiumHtmlToPdf\ChromiumHtmlToPdfLib\Helpers\DocumentHelper.cs:line 269

mganss commented 9 months ago

Thanks for reporting this. Fixed in 8.0.718 and 8.1.719-beta.