Closed stianolsen closed 5 months ago
I've created a property EncodeComment to customize the encoding of comments similar to what has been done for #511. Watch out for possible bypasses if you override the default behavior (see https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-43cp-6p3q-2pc4).
Releases are 8.0.838 and 8.1.839-beta.
In one of the later releases, there was a change which made some characters, like < and >, be encoded if they were found within an HTML comment. We experience that this breaks MSO conditional comments, which use HTML comments to "hide" the Outlook-specific parts. For example this:
becomes the following after being sanitized:
and Outlook does not seem to understand when the HTML within the conditional comment is encoded. Is there anything that can be done with this?