Groups

OWASP Java HTML Sanitizer Announce

Contact owners and managers

1–6 of 6

Welcome.

This is a low-traffic list of noteworthy changes to OWASP's Java HTML sanitizer.

Only moderators can post. If you have questions or comments, please use our Support and Discussion list instead.

0 selected

10/18/21

CVE-2021-42575: OWASP HTML Sanitizer policies that allow <style> in <option> are vulnerable

Details at https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/edit# If a

unread,

CVE-2021-42575: OWASP HTML Sanitizer policies that allow <style> in <option> are vulnerable

Details at https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/edit# If a

10/18/21

3/25/19

Guava dependency changed in Release 20190325.1 of OWASP/java-html-sanitizer

I released version 20190325.1 of github.com/OWASP/java-html-sanitizer which changes the way the Guava

unread,

Guava dependency changed in Release 20190325.1 of OWASP/java-html-sanitizer

I released version 20190325.1 of github.com/OWASP/java-html-sanitizer which changes the way the Guava

3/25/19

2/19/18

Recommend upgrade to 20180219.1: addresses iOS/MacOS "text bomb"

It will takes Maven's search engine some time to index new releases. In the meantime https://

unread,

Recommend upgrade to 20180219.1: addresses iOS/MacOS "text bomb"

It will takes Maven's search engine some time to index new releases. In the meantime https://

2/19/18

1/26/17

Changes to Sanitizer output and HTML5 support in OWASP Sanitizer

TLDR; the next version of the OWASP HTML Sanitizer will include better HTML 5 support but will also

unread,

Changes to Sanitizer output and HTML5 support in OWASP Sanitizer

TLDR; the next version of the OWASP HTML Sanitizer will include better HTML 5 support but will also

1/26/17

7/24/13

r198 changes CSS sanitizing

The latest release, r198, includes significant changes to CSS sanitization. If you don't use

unread,

r198 changes CSS sanitizing

The latest release, r198, includes significant changes to CSS sanitization. If you don't use

7/24/13

12/10/12

HTML Sanitizer changes to text node handling

Please ignore if you do not define custom OWASP HTML sanitizer element policies. As of today, 10 Dec.

unread,

HTML Sanitizer changes to text node handling

Please ignore if you do not define custom OWASP HTML sanitizer element policies. As of today, 10 Dec.

12/10/12

Search

Clear search

Close search

Google apps

Main menu