Sanitation check for HTML content not strict enough

openlink / structured-data-sniffer

The Openlink Structured Data Sniffer (OSDS) is a plugin for the Chrome, Firefox and Opera browsers that detects and shows structured data embedded in web pages in either JSON-LD, Microdata, RDFa or Turtle format.

http://osds.openlinksw.com/

GNU General Public License v2.0

121 stars 22 forks source link

Sanitation check for HTML content not strict enough #2

Closed deiu closed 8 years ago

deiu commented 8 years ago

There's some missing sanitation/escaping of HTML in certain case, such as for schema:mainContentOfPage objects.

For example, using the plugin on the page at https://github.com/deiu/html-sanitation/blob/master/README.md displays the select element generated by the keygen element.

openlink commented 8 years ago

Development is looking into this issue now.

smalinin commented 8 years ago

Will be fixed in ver:2.3.0