
Sanitization fails if request/response contains strings like <AAA.

Open priyavivek1 opened this issue 8 years ago • 1 comments

Hi, one of the JSON requests in our project contains a value something like {"test" : "<AAA"}. Sanitization fails here and it returns a wrong JSON object which can't be parsed.

Please look into this. For example: request JSON is: {"fundsTransferCaptureInfo": {"requestFundsSource": {"requestSourceDepositTransactionAgreement": {"bankNum": "888","branchNum": "888", "accountNum": "0002345"}},"fundsTransferRecipientId": "<ddd","fundsDestinationCcyamt": {"amount": 2345.01,"currencyCd": "GBP"},"sourceCurrencyCd": "CAD","promoCode": "ABCDEFG","fundsTransferMethodTypeCd": "WIRE","fundsTransferServiceCd": "Digital Wire"}}

Sanitized string returned is: {"fundsTransferCaptureInfo":{"requestFundsSource":{"requestSourc eDepositTransactionAgreement":{"bankNum":"888","branchNum":"888","accountNum":"0 002345"}},"fundsTransferRecipientId":"

Which is not a full JSON string and hence breaks the code. This is due to the field "fundsTransferRecipientId": "<ddd" in the request.

It works well if there is a space between < and another char: "fundsTransferRecipientId": "< ddd" will work well.

priyavivek1, Sep 29 '16 12:09

Any update on this issue?

jerinamathews, Oct 30 '20 06:10
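
The truncation reported above, next to one way to avoid it: parse the JSON first and sanitize each string value, instead of passing the serialized JSON text through an HTML sanitizer. This is an added example, not part of the original issue and not the library's code; `toySanitize` is a hypothetical stand-in that assumes an unclosed `<name` is treated as a tag running to the end of the input, and the request is a constructed, shortened sample.

```javascript
// Hypothetical stand-in for an HTML sanitizer (NOT Caja's implementation).
// It strips tags and treats an unclosed "<name" as a tag that runs to the
// end of the input, which reproduces the truncation described in the report.
function toySanitize(html) {
  return html.replace(/<[A-Za-z\/!][^>]*(>|$)/g, '');
}

// Apply a sanitizer to every string leaf of a parsed JSON value.
// Keys are left untouched; Object.fromEntries defines own properties,
// so a "__proto__" key in the input cannot change the result's prototype.
function sanitizeLeaves(value, sanitize) {
  if (typeof value === 'string') return sanitize(value);
  if (Array.isArray(value)) return value.map((v) => sanitizeLeaves(v, sanitize));
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, sanitizeLeaves(v, sanitize)])
    );
  }
  return value; // numbers, booleans, null pass through unchanged
}

// Parse, sanitize the leaves, and serialize again so the structure survives.
function sanitizeJsonText(text, sanitize) {
  return JSON.stringify(sanitizeLeaves(JSON.parse(text), sanitize));
}

function isParseable(text) {
  try { JSON.parse(text); return true; } catch { return false; }
}

// Constructed sample, shortened from the request in the report.
const request =
  '{"fundsTransferRecipientId":"<ddd","sourceCurrencyCd":"CAD","amount":2345.01}';

// Sanitizing the serialized document: everything after "<ddd" is lost.
const wholeDocument = toySanitize(request);
// Sanitizing per value: only the offending string is changed.
const perValue = sanitizeJsonText(request, toySanitize);

console.log(wholeDocument, isParseable(wholeDocument));
console.log(perValue, isParseable(perValue));
```

Because the sanitizer only ever sees one decoded string at a time, whatever it removes cannot swallow the quotes and braces that delimit the rest of the document.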