voku/anti-xss

Tags being stripped after <img />

Closed this issue · 1 comment

Hi,

I'm having an issue where any HTML tag that appears after an img tag gets completely stripped, including content.

For example:

h1. test

Content for this page is not yet entered.
<a >test</a>
<div class=\'test\'> Test Div </div>
<img src=\'http://google.com\'&nbsp;class=\'test\'/>
<div class=\'test\'> Test Div </div>
<div class=\'test\'> Test Div </div>

Gets stripped to:

h1. test

Content for this page is not yet entered.
<a >test</a>
<div class=\'test\'> Test Div </div>
<img />
<> >
<> >

Code example:

<?php
use voku\helper\AntiXSS;
require 'vendor/autoload.php'; // Composer autoloader for the voku/anti-xss package
$antiXss = new AntiXSS();
$antiXss->removeEvilAttributes(array('style')); // allow style-attributes
$content = $antiXss->xss_clean($content); // Where $content is the first example above.

voku commented

I don't think that your HTML is valid. Some browsers will try to fix it, but they can't display it as you maybe expect. At least the &nbsp; is not working at that place, because the keywords src and class need a separation.
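As an added illustration of the point made in the reply above (this is not code from the issue or from voku/anti-xss), the following Python script tokenizes the start tags of the posted markup the way the HTML5 tokenizer does and reports the "missing-whitespace-between-attributes" parse error. The sample input is the issue's example with the backslash escaping removed; the function names (`parse_start_tag`, `audit`, `has_attribute_parse_errors`) are my own and not part of any library.

```python
import re

# Constructed sample: the markup from the issue above, with the backslash
# escaping (\') removed so the quotes are plain single quotes.
ISSUE_MARKUP = (
    "<a >test</a>\n"
    "<div class='test'> Test Div </div>\n"
    "<img src='http://google.com'&nbsp;class='test'/>\n"
    "<div class='test'> Test Div </div>\n"
    "<div class='test'> Test Div </div>\n"
)

WHITESPACE = " \t\n\r\f"
MISSING_WS = "missing-whitespace-between-attributes"


def parse_start_tag(src, i):
    """Tokenize the start tag that begins at src[i] == '<'.

    Follows the HTML5 tokenizer's attribute states: after a quoted value the
    only legal characters are whitespace, '/' or '>'; anything else is a
    parse error and is reconsumed as the start of the *next attribute name*,
    so '&nbsp;class' becomes one attribute name (no entity decoding there).
    Returns (tag_name, attrs, errors, index_after_closing_gt).
    """
    m = re.match(r"<([A-Za-z][^\s/>]*)", src[i:])
    if m is None:
        raise ValueError("not a start tag at offset %d" % i)
    name = m.group(1).lower()
    j = i + m.end()
    attrs, errors = [], []
    state = "before-name"
    cur_name = cur_val = quote = ""
    while j < len(src):
        c = src[j]
        if state == "before-name":
            if c in WHITESPACE or c == "/":   # '/' before '>' is the self-closing marker
                j += 1
            elif c == ">":
                return name, attrs, errors, j + 1
            else:
                cur_name, cur_val, state = "", "", "name"
        elif state == "name":
            if c in WHITESPACE or c in "/>":
                state = "after-name"
            elif c == "=":
                state, j = "before-value", j + 1
            else:
                cur_name, j = cur_name + c.lower(), j + 1
        elif state == "after-name":
            if c in WHITESPACE:
                j += 1
            elif c == "=":
                state, j = "before-value", j + 1
            else:                               # attribute without a value
                attrs.append((cur_name, ""))
                state = "before-name"
        elif state == "before-value":
            if c in WHITESPACE:
                j += 1
            elif c in "\"'":
                quote, state, j = c, "quoted", j + 1
            else:
                state = "unquoted"
        elif state == "quoted":
            if c == quote:
                state, j = "after-quoted", j + 1
            else:
                cur_val, j = cur_val + c, j + 1
        elif state == "unquoted":
            if c in WHITESPACE or c == ">":
                attrs.append((cur_name, cur_val))
                state = "before-name"
            else:
                cur_val, j = cur_val + c, j + 1
        elif state == "after-quoted":
            attrs.append((cur_name, cur_val))
            if c not in WHITESPACE and c not in "/>":
                errors.append((MISSING_WS, j))
            state = "before-name"               # reconsume c either way
    raise ValueError("unterminated start tag at offset %d" % i)


def audit(html):
    """Return [(tag_name, attrs, errors), ...] for every start tag in html."""
    tags, i = [], 0
    while True:
        i = html.find("<", i)
        if i < 0:
            return tags
        if i + 1 < len(html) and html[i + 1].isalpha():
            name, attrs, errors, i = parse_start_tag(html, i)
            tags.append((name, attrs, errors))
        else:
            i += 1                              # end tag, comment or stray '<'


def has_attribute_parse_errors(html):
    """Gate: True if any start tag carries a tokenizer parse error.

    Input failing this check should be rejected or normalised *before* it is
    handed to a sanitizer; a sanitizer is not an HTML repair tool.
    """
    return any(errors for _, _, errors in audit(html))


if __name__ == "__main__":
    for name, attrs, errors in audit(ISSUE_MARKUP):
        print(name, attrs, errors)
    print("parse errors:", has_attribute_parse_errors(ISSUE_MARKUP))
```

Running it shows the img tag tokenized as `src='http://google.com'` followed by an attribute literally named `&nbsp;class`, with one parse error at the position of the `&`. That is the same result the HTML5 tokenizer produces in a browser: entities are not decoded inside attribute names, so no sanitizer setting can turn that input back into a `class` attribute. The practical use of the gate is to refuse (or have the author fix) markup that already fails tokenization, rather than relying on xss_clean() to recover from it.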