java-html-sanitizer

"<" symbol with text inputs getting cleared after applying sanitize

Open SasiprabuK opened this issue 3 years ago • 3 comments

Given inputs are cleared after applying sanitize for "<" with text inputs

Dependency - owasp-java-html-sanitizer version - 20200713.1

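```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
String inputText = "Sanitize <Data Check";
// toFactory() returns a PolicyFactory; this empty builder allows no elements
PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
String result = policy.sanitize(inputText);
```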

Output:

Actual: Sanitize <Data Check ==> (After sanitize) ==> Sanitize <Data Check - after the < symbol, the further text inputs are cleared completely.

Expected: "Sanitize <Data Check"

I have checked with the latest version too, but the same issue still occurred. Please guide me to solve this scenario.

SasiprabuK, Oct 20 '22 05:10

I think not showing this is the right behavior; try loading it in a browser and it will not show it. Maybe what you need to do for text is use &lt; instead of <.

ThaKarakostas, Oct 24 '22 09:10

If you have plain text, you might need not to sanitize HTML but to escape HTML special characters.

csware, May 31 '23 14:05

cf. issue #240

csware, May 31 '23 14:05
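
The difference between sanitizing and escaping that the replies above point to, as an added example that is not part of the original thread or the project's own code. `escapeHtml` and the class name are hypothetical; the sanitizer calls are the ones from the issue and assume the java-html-sanitizer jar is on the classpath.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class PlainTextVsHtml {

    // Hypothetical helper (not part of java-html-sanitizer): escapes plain text
    // so a browser renders it literally in element content or a quoted attribute.
    static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String inputText = "Sanitize <Data Check"; // input from the issue

        // Same empty policy as in the issue: the input is parsed as HTML, so
        // "<Data Check" is read as the start of a tag rather than as text.
        PolicyFactory policy = new HtmlPolicyBuilder().toFactory();
        System.out.println("sanitize(raw):     " + policy.sanitize(inputText));

        // Plain text: escape it instead, so "<" is emitted as "&lt;".
        String escaped = escapeHtml(inputText);
        System.out.println("escapeHtml(raw):   " + escaped);

        // Text that must go through the sanitizer can be escaped first.
        System.out.println("sanitize(escaped): " + policy.sanitize(escaped));
    }
}
```

Escape when the value is plain text to be displayed; sanitize only when the value is meant to carry HTML markup that a policy should filter.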