java-html-sanitizer
Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Since the commit 020d5d0d7b8e985be32d3608612a9889135ef060 all attributes that are allowed globally are ignored, if "style" is given as the first attribute. Problematic code: ``` public HtmlPolicyBuilder globally() { if(attributeNames.get(0).equals("style")) { return...
I noticed that comments are not removed if they are placed inside curly brackets. ## Example ``` PolicyFactory policy = new HtmlPolicyBuilder().allowElements("p").toFactory(); String unsanitized = "{}"; String sanitized = policy.sanitize(unsanitized);...
Hello, I would like to submit to you a problem in function **HtmlInputSplitter.parseToken()**. When you sanitize HTML text like: " MY CODE" the parser detects the end comment just before...
Hi, it looks like there's an issue with CSS font-family sanitization: when the input is first sanitized, it adds quotes to font-families. When the sanitized content is sanitized again it removes some...
Hi, We are using this library in [Zimbra](https://github.com/Zimbra/java-html-sanitizer-release-20190610.1) for sanitization of the e-mail body and during sanitization of the customer-generated HTML, we came across the following situation when we have...
I have an HTML which is surrounded by a big list of empty `` tags, and the sanitizer is removing a portion of an HTML. When removed the empty list of ``...
It would make some sense to be able to easily control (disable completely) the sanitization of client-side templates. Maybe this can be a prepackaged policy. Even if there is a...
The following string: `-->` is being cleaned up by the sanitizer, the comment is just being removed, but this does not go through the htmlChangeListener object. Eventually, a malicious code...
Would it be possible to add a fast copy-method or copy-constructor to the PolicyFactory class? The method `public PolicyFactory and(PolicyFactory f)` seems to be relatively slow and we have to...