java-html-sanitizer icon indicating copy to clipboard operation
java-html-sanitizer copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Stripping off the contents when the extra comment tag has added with never ending

Open rupeshtelus opened this issue 3 years ago • 3 comments

Hi,

We are using this library in Zimbra for sanitization of the e-mail body and during sanitization of the customer-generated HTML, we came across the following situation when we have extra comment tag in html code (<!--) sanitization is not working as during sanitization, it is not able to parse properly and the whole HTML is stripped off.

image

Actually inside

It will be great if someone can guide me on how to handle this situation or it can be considered as an enhancement or bugfix.

rupeshtelus avatar Apr 08 '22 01:04 rupeshtelus

Can you give us a more detailed test case please?

On Apr 7, 2022, at 6:30 PM, rupeshtelus @.***> wrote:

 Hi,

We are using this library in Zimbra for sanitization of the e-mail body and during sanitization of the customer-generated HTML, we came across the following situation when we have extra comment tag in html code (<!--) sanitization is not working as during sanitization, it is not able to parse properly and the whole HTML is stripped off.

jmanico avatar Apr 08 '22 01:04 jmanico

I have updated the issue with more details @jmanico . If anything more is required you can tell me , Thanks .

rupeshtelus avatar Apr 08 '22 04:04 rupeshtelus

@jmanico -- @rupeshtelus has updated the details of the issue. Can you please take a look and let us know when this can be fixed? Many of our customers are facing this issue and are looking for updates on it.

dawoodshaikh avatar May 19 '22 14:05 dawoodshaikh