OWASP/java-html-sanitizer

Extra characters got added during sanitization of html

arpitbansal1581 opened this issue · 2 comments

Hi,

We are using the owasp-java-html-sanitizer-20211018.2.jar library for sanitization of custom-generated HTML. We came across the following situation, where we got extra characters in the HTML code during sanitization.

Input -> {1:F21TEMPBIC}{4:{177:2203031005}{451:0}}{{311:ACK}{108:MA33A03110SZ0TFC}}
Output -> {1:F21TEMPBIC}{4:{177:2203031005}{451:0}}{ {311:ACK}{108:MA33A03110SZ0TFC}}

It would be great if someone could guide me on how to handle this situation, or if it could be considered as an enhancement or bugfix.

Not properly raised, need to reopen a new one.