antisamy icon indicating copy to clipboard operation
antisamy copied to clipboard

Published 20 hours ago verified publisher icon nahsra

ASHTMLSerializer uses deprecated HTMLSerializer. Replace with TrAX.

Open davewichers opened this issue 1 year ago • 0 comments

ASHTMLSerializer extends org.apache.xml.serialize.HTMLSerializer, which is deprecated.

"Deprecated. This class was deprecated in Xerces 2.6.2. It is recommended that new applications use JAXP's Transformation API for XML (TrAX) for serializing HTML. See the Xerces documentation for more information."

AntiSamyDOMScanner.java also has a couple of offending lines (As does AntiSamySAXScanner):

      @SuppressWarnings("deprecation")
      org.apache.xml.serialize.OutputFormat format = getOutputFormat();

      //noinspection deprecation
      org.apache.xml.serialize.HTMLSerializer serializer = getHTMLSerializer(out, format);
      serializer.serialize(dom);

davewichers avatar Jul 09 '22 21:07 davewichers