menu and menuitem order getting disrupted

wynn...@gmail.com

Oct 4, 2016, 1:01:00 PM
to OWASP Java HTML Sanitizer Support
Hey there,
I noticed the following behavior when playing with the jar today:
Running the following through a sanitizer that allows all elements and attributes mentioned:
 
<div contenteditable="true" contextmenu="MY_MENU" dir="ltr" draggable="true" dropzone="copy" hidden="" spellcheck="true" translate="yes">
 
<menu id="MY_MENU" type="context"> 
 
<menuitem label="Refresh"></menuitem> 
<menuitem label="Twitter"></menuitem>
 
</menu> LOTS OF TEXT HERE
 
</div>

Yields the following:

<div contenteditable="true" contextmenu="MY_MENU" dir="ltr" draggable="true" dropzone="copy" hidden="" spellcheck="true" translate="yes"> 

<menu id="MY_MENU" type="context">
<menuitem label="Refresh"> <menuitem label="Twitter"></menuitem></menuitem>

</menu> LOTS OF TEXT HERE 
</div> 

This breaks the functionality of the menu / menuitems

Has anyone experienced this before?
NOTE: if you have text between the <menuitem> and </menuitem> tags then it works fine, but it shouldn't require this, right?

Mike Samuel

Oct 4, 2016, 1:16:27 PM
to OWASP Java HTML Sanitizer Support
This looks like a bug. Probably a missing entry in an element
containment table that hasn't kept up with HTML5 elements.

Filed https://github.com/OWASP/java-html-sanitizer/issues/96 to track.

wynn...@gmail.com

Dec 6, 2016, 9:06:51 AM
to OWASP Java HTML Sanitizer Support, wynn...@gmail.com
Was looking through some of the older topics in this group and came across this - seems to be quite relevant:
 • Allow customization for a Custom elements closing tag.

Jim Manico

Dec 7, 2016, 2:33:32 AM
to owasp-java-html-...@googlegroups.com, wynn...@gmail.com

We take patches!

If anyone on the list is interested in helping take on some of the existing bugs and feature suggestions we'll be happy to review and consider them for inclusion. This library is getting a lot of use and is MUI complicated - help is always appreciated.

The other library you should evaluate and consider is JSoup. It's not as performance friendly but it's actively being developed and is worth considering in your security library evaluation.

Aloha, Jim


On 12/6/16 3:06 PM, wynn...@gmail.com wrote:
> Was looking through some of the older topics in this group and came across this - seems to be quite relevant:
>  • Allow customization for a Custom elements closing tag.
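
A regression check for the nesting reported at the top of this thread, added here as an example; it is not code from the thread or from the sanitizer project. The policy is an assumption (the poster's policy is not shown), `MenuItemNestingCheck` and `maxSelfNesting` are hypothetical names, the input is the first post's markup with most `div` attributes trimmed, and the owasp-java-html-sanitizer jar must be on the classpath.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class MenuItemNestingCheck {
  // Simple tag scanner; enough for this markup, which has no '>' inside attribute values.
  private static final Pattern TAG = Pattern.compile("<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>");

  /** Returns the deepest level at which `name` is opened inside an already open `name`. */
  static int maxSelfNesting(String html, String name) {
    int depth = 0, max = 0;
    Matcher m = TAG.matcher(html);
    while (m.find()) {
      if (!m.group(2).equalsIgnoreCase(name)) continue;
      if (m.group(1).isEmpty()) {          // opening tag
        max = Math.max(max, ++depth);
      } else if (depth > 0) {              // closing tag
        depth--;
      }
    }
    return max;
  }

  public static void main(String[] args) {
    // Input from the first post, trimmed to the attributes that matter here.
    String input = "<div contextmenu=\"MY_MENU\">\n"
        + "<menu id=\"MY_MENU\" type=\"context\">\n"
        + "<menuitem label=\"Refresh\"></menuitem>\n"
        + "<menuitem label=\"Twitter\"></menuitem>\n"
        + "</menu> LOTS OF TEXT HERE\n</div>";

    // Assumed policy: allows only the elements and attributes used above.
    PolicyFactory policy = new HtmlPolicyBuilder()
        .allowElements("div", "menu", "menuitem")
        .allowAttributes("contextmenu", "id", "type", "label").globally()
        .toFactory();
    String output = policy.sanitize(input);

    int before = maxSelfNesting(input, "menuitem");
    int after = maxSelfNesting(output, "menuitem");
    System.out.println(output);
    System.out.println("menuitem nesting: input=" + before + " output=" + after);
    if (after > before) {
      // Sibling items became parent and child, as in the output quoted in the first post.
      throw new AssertionError("sanitizer nested sibling <menuitem> elements");
    }
  }
}
```

Running the same comparison for every allowed element in a policy's test suite catches cases where tag balancing changes the document structure for elements the sanitizer does not know about.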