Comments (6)
fixed at r229
Original comment by [email protected]
on 5 May 2014 at 11:22
- Changed state: Fixed
from java-html-sanitizer.
This issue does not seem to be fixed properly. Try to test with a span element
with no attribute.
"<span> span text </span>"
or with an attribute that is not explicitly allowed.
"<span class="redtext"> span text </span>"
In both cases, the span element will be removed even if you add
Sanitizer.FORMATTING or add span to allowed elements manually.
James
Original comment by [email protected]
on 31 Jul 2014 at 1:41
from java-html-sanitizer.
Sanitizers.FORMATTING does not white-list class attributes.
Original comment by [email protected]
on 31 Jul 2014 at 12:37
from java-html-sanitizer.
Mike
Thank you for the reply.
But still the empty span element should be allowed with Sanitizers.FORMATTING,
which in fact it is not.
This library works amazingly and helps us a lot with our work. Thanks for the hard
work.
James
Original comment by [email protected]
on 4 Aug 2014 at 1:08
from java-html-sanitizer.
<span> is, by default, one of the elements that is disallowed without
attributes.
Certain elements, <img> and <a> for example, are dropped if they have no
attributes that survive white-listing. This prevents <img>s with rejected
src="..."s from showing up as broken.
https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=23 shows
how to work around this if you really want attribute-less <span>s in your output.
Original comment by [email protected]
on 4 Aug 2014 at 12:29
from java-html-sanitizer.
I think that makes sense.
Thank you for your reply. Have a good day.
Original comment by [email protected]
on 5 Aug 2014 at 7:29
from java-html-sanitizer.
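The behaviour discussed in this thread, as an added example that is not part of the original comments or the project's own code: it runs the two inputs quoted above through `Sanitizers.FORMATTING`, through a policy that only allows `span`, and through one that also calls the library's `HtmlPolicyBuilder.allowWithoutAttributes("span")` and white-lists `class` on `span`. The class name `SpanPolicyDemo`, the helper names and the `CLASS_NAMES` pattern are assumptions made for illustration.

```java
import java.util.regex.Pattern;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class SpanPolicyDemo {
  // Constructed inputs: the two cases quoted in the thread.
  static final String BARE = "<span> span text </span>";
  static final String WITH_CLASS = "<span class=\"redtext\"> span text </span>";

  // Assumption: class values are space-separated tokens of letters, digits, '-' and '_'.
  // Anything else is rejected, so the attribute is dropped rather than passed through.
  static final Pattern CLASS_NAMES =
      Pattern.compile("[A-Za-z0-9_-]+(?: [A-Za-z0-9_-]+)*");

  // span is allowed, but is still subject to the default rule that drops it
  // when no attribute survives white-listing.
  static PolicyFactory spanDefault() {
    return new HtmlPolicyBuilder().allowElements("span").toFactory();
  }

  // span is allowed with or without attributes, and class is white-listed on it.
  static PolicyFactory spanRelaxed() {
    return new HtmlPolicyBuilder()
        .allowElements("span")
        .allowWithoutAttributes("span")
        .allowAttributes("class").matching(CLASS_NAMES).onElements("span")
        .toFactory();
  }

  public static void main(String[] args) {
    String[] names = {"Sanitizers.FORMATTING", "spanDefault", "spanRelaxed"};
    PolicyFactory[] policies = {Sanitizers.FORMATTING, spanDefault(), spanRelaxed()};
    String[] inputs = {BARE, WITH_CLASS};

    // Print each policy's output for each input so the difference is visible side by side.
    for (int i = 0; i < policies.length; i++) {
      for (String input : inputs) {
        System.out.printf("%-22s %-45s -> %s%n",
            names[i], input, policies[i].sanitize(input));
      }
    }
  }
}
```

Keeping the `class` pattern narrow matters when the page's stylesheets or scripts key behaviour off class names, since a white-listed attribute is otherwise attacker-controlled input.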