How to pass through client template variables?

arju...@gmail.com

Jan 23, 2016, 7:32:19 PM
to OWASP Java HTML Sanitizer Support
Hello all

With v1.1, sanitizing an HTML string with client template variables messes up the client template variables.
E.g. input string: <span style="font-size:medium">{{fName}} {{lName}}</span>
Output string: <span style="font-size:medium">{<!-- -->{fName}} {<!-- -->{lName}}</span>

Discovered that this change was intentional through this doc - https://github.com/OWASP/java-html-sanitizer/blob/master/docs/client-side-templates.md

Is there a way to opt-out of sanitizing client template variables?

Thanks
Arjun