java-html-sanitizer

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Results 114 java-html-sanitizer issues

Hi, We are using this library in [Zimbra](https://github.com/Zimbra/java-html-sanitizer-release-20190610.1) to sanitize customer-generated HTML content in emails. During this process, we encountered an issue where a tag inside a tag causes...

The latest release removes the Guava dependency and introduces the use of Java8 and Java10 shims. The sanitizer JAR was previously completely self-contained except for the Guava dependency. It would...

On CssSchema (https://github.com/OWASP/java-html-sanitizer/blob/f729a089b20aef49ed9ffd7ed1c7e207eee71dc5/owasp-java-html-sanitizer/src/main/java/org/owasp/html/CssSchema.java#L714)

```java
Property textAlign = new Property(0, union(azimuthLiterals1, textAlignLiterals0), zeroFns);
builder.put("text-align", textAlign);
```

The text-align possible values are (https://developer.mozilla.org/en-US/docs/Web/CSS/text-align):

```
text-align: start;
text-align: end;
text-align: left;
...
```

Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.16.3 to 3.25.5. Release notes Sourced from com.google.protobuf:protobuf-java's releases. Protocol Buffers v3.20.3 Java Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic...

dependencies

If my input string has "&times", it changes to "×"

I am facing an issue with processing of tag for offsite URL pattern. We have a requirement to show an embedded image coming from some source. Post sanitization, its data part is trimmed....

Fixes regression introduced in `20240325.1` - see #336 for details. * Use `LinkedHashSet` to preserve insertion order where applicable - please note that there may be more regressions like this...

There has been a [question](https://github.com/OWASP/java-html-sanitizer/issues/348) and even a whole [markdown page](https://github.com/OWASP/java-html-sanitizer/blob/wiki/CVE20114457.md) for this, however the question "in which version this vulnerability has been fixed" is not clearly answered. Due to...