Issue 7 in owasp-java-html-sanitizer: Misnested list-item and list elements break lists

owasp-java-h...@googlecode.com

Oct 23, 2012, 11:34:36 AM
to owasp-java-html-...@googlegroups.com
Status: Accepted
Owner: mikes...@gmail.com
Labels: Type-Defect Priority-Medium

New issue 7 by mikes...@gmail.com: Misnested list-item and list elements
break lists
http://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=7

Per
https://groups.google.com/d/topic/owasp-java-html-sanitizer-support/LJFuNLa4T_8/discussion

<ul>
<li>asdf</li>
<ul>
<li>adfasdf</li>
</ul>
</ul>

is getting sanitized into:

<ul>
<li>asdf</li>
</ul>
<ul>
<li>adfasdf</li>
</ul>

instead of what Jon Stevens expects:

<ul>
<li>asdf</li>
<li>
<ul>
<li>adfasdf</li>
</ul>
</li>
</ul>

Jim points out that the input is misnested and

Line 5, Column 6: document type does not allow element "UL" here; assuming
missing "LI" start-tag

The tag balancer does not insert the missing LI start-tag.



owasp-java-h...@googlecode.com

Oct 23, 2012, 12:49:07 PM
to owasp-java-html-...@googlegroups.com
Updates:
Status: Fixed

Comment #1 on issue 7 by mikes...@gmail.com: Misnested list-item and list
http://code.google.com/p/owasp-java-html-sanitizer/source/detail?r=121
fixes this issue by changing the tag balancer to introduce implied
block/flow content containers.

It does not attempt to do this for non-whitespace text nodes or for table
content that needs to be foster-parented per
http://www.whatwg.org/specs/web-apps/current-work/#parsing-main-intable
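
A simplified model of the tag-balancer change described in comment #1, added here as an illustration; it is not part of the original thread and not the project's code. The `balance` function, its `imply_li` switch and the restriction to ul/ol/li are assumptions made for the example.

```python
import html
import re

LISTS = {"ul", "ol"}
TAG = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>")

def balance(markup, imply_li=True):
    """Toy balancer for ul/ol/li only; other tags and all attributes are dropped.
    imply_li=False models the reported behaviour, imply_li=True models the fix."""
    out, stack, pos = [], [], 0
    def emit_text(text):
        if text.strip():                      # whitespace-only text is dropped
            out.append(html.escape(text, quote=False))
    def close_top():
        out.append("</%s>" % stack.pop())
    for m in TAG.finditer(markup):
        emit_text(markup[pos:m.start()])
        pos = m.end()
        closing, name = bool(m.group(1)), m.group(2).lower()
        if closing:
            if name == "li":
                if stack and stack[-1] == "li":
                    close_top()               # a stray </li> is ignored
            elif name in LISTS and name in stack:
                while stack[-1] != name:
                    close_top()               # also closes an implied <li>
                close_top()
        elif name in LISTS:
            if stack and stack[-1] in LISTS:  # list opened directly inside a list
                if imply_li:
                    stack.append("li")        # the fix: implied container
                    out.append("<li>")
                else:
                    close_top()               # the bug: outer list is closed
            stack.append(name)
            out.append("<%s>" % name)
        elif name == "li" and stack:
            if stack[-1] == "li":
                close_top()                   # <li> ends the previous item
            stack.append("li")
            out.append("<li>")
    emit_text(markup[pos:])
    while stack:
        close_top()                           # close anything left open
    return "".join(out)

# Input taken from the issue report above.
MISNESTED = "<ul>\n<li>asdf</li>\n<ul>\n<li>adfasdf</li>\n</ul>\n</ul>"
```

With `imply_li=False` the second `</ul>` of the input finds no open list and is discarded, which is why the reported output ends up as two sibling lists.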
