What steps will reproduce the problem?
1. The input string is "<p><strong>Support</strong> </p><script type='text/javascript'>alert('Support Contact');></script>"
2. In the policy file, define the tag rule for the script tag as <tag name="script" action="encode"/>
3. Run the AntiSamy sanitizer against the input specified above.
What is the expected output? What do you see instead?
Actual: <p><strong>Support</strong> </p><script type="text&#47;javascript">alert('Support Contact');></script>
Expected: <p><strong>Support</strong> </p><script type="text/javascript">alert('Support Contact');></script>
What version of the product are you using? On what operating system?
AntiSamy 1.4.4, OS: Windows XP
Please provide any additional information below.
This issue happens with all attribute values containing special characters, for any tag that is defined with its action set to encode.
Original issue reported on code.google.com by prashant...@gmail.com on 4 Dec 2014 at 9:40