OWASP Java HTML Sanitizer Support
Rasmita Mahapatra
, …
Jim Manico
21
7/30/20
When the list of open div tags is very big, the sanitizer is removing other tags which actually have content.
My suggestion is that you remove the hundreds of div's before you sanitize. This is not a high
Raviprasad Narava
, …
Jim Manico
12
7/4/20
How to apply HTML Sanitizer to existing project
Hi Jim, I'm checking in my application. Hopefully, it will be sorted out. Thanks for your support
양봉수
,
Mike Samuel
3
6/23/20
I'm curious about AttributeBuilder matching function
My question was not clear, sorry. We already have allow / disallow functions. ex) allowElements,
kevinp...@gmail.com
,
Mike Samuel
4
10/22/19
Library not able to support all Internationalized characters.
Np. I'm glad you got it sorted. On Tue, Oct 22, 2019 at 9:30 AM <kevinp...@gmail.com>
Sneha Patil
4/26/19
Does OWASP support conversion of relative path to absolute using base href
Is there any provision where relative paths can be converted to absolute using base tag during
Daniel Yee
,
Mike Samuel
4
3/1/19
"xss" appended to HTML output
I'm glad you got it sorted out. On Fri, Mar 1, 2019 at 1:56 PM Daniel Yee <tuf3...@temple.edu
Trent Miller
,
Mike Samuel
2
2/4/19
Best way to contribute code?
On Mon, Feb 4, 2019 at 3:28 PM Trent Miller <tre...@gmail.com> wrote: Hello, I recently wrote
pankaj...@gmail.com
,
Mike Samuel
4
11/26/18
OWASP Sanitizer removes everything enclosed in angular brackets
On Fri, Nov 16, 2018 at 6:28 PM Pankaj Dighe <pankaj...@gmail.com> wrote: Hi Mike , Thanks
saurav...@gmail.com
,
Mike Samuel
2
11/21/18
Upgrade from Antisamy to OWASP Java HTML Sanitizer
On Tue, Nov 20, 2018 at 11:00 AM <saurav...@gmail.com> wrote: Hi, In our project we have a
Will Herrmann
,
Mike Samuel
3
11/16/18
Is it possible to log or throw an error on an invalid tag instead of silently sanitize it?
Thanks, that does exactly what I'm looking for! On Thursday, November 8, 2018 at 6:06:37 PM UTC-6
wynn...@gmail.com
, …
Mike Samuel
12
11/13/18
Custom CssSchema & Properties
Sorry, John, I dropped the ball on this one. If https://github.com/OWASP/java-html-sanitizer/commit/
songji...@gmail.com
9/21/18
Is this expected behavior to have text between <tr></tr> or <ul></ul> ?
Hi, I was using r239 which gives some odd behavior when there is text between some tags. So I also testing
Rasmita Mahapatra
,
Mike Samuel
2
8/30/18
HTML having Quoted-Printable format characters is not sanitized properly
It doesn't look like a bug in the sanitizer. > Input: "<a title="Gibson, Darlene
evilf...@gmail.com
,
Jim Manico
2
8/16/18
Sanitize all requests
This library is meant to sanitize small snippets of HTML from WYSIWYG editors and other data entry
Sresan Thevarajah
,
Mike Samuel
2
6/15/18
Documentation on Sanitization Algorithm
On Fri, Jun 15, 2018 at 2:33 PM Sresan Thevarajah <sresan...@gmail.com> wrote: Hey I was
pep
, …
Mike Samuel
6
6/14/18
Problems with embedded images
On Thu, Jun 14, 2018 at 12:56 PM <mcr...@gmail.com> wrote: Hi I have exactly the same problem,
Rasmita Mahapatra
,
Mike Samuel
3
5/30/18
sanitizer bypasses all css properties when allowStyling() throws an error on adding an unsupported css property to the whitelist
On Tuesday, May 29, 2018 at 10:05:12 PM UTC+5:30, Mike Samuel wrote: On Tue, May 29, 2018 at 7:29 AM,
sajid....@gmail.com
,
Mike Samuel
5
5/23/18
Value which starts with & like '' gets ignored in the string
On Wed, May 23, 2018 at 2:08 AM, <sajid....@gmail.com> wrote: Is this a bug and/or any
Rasmita Mahapatra
5/21/18
Table with multiple columns are converted to multiple table
This is the sample input <html> <head> </head> <body id="mimemail-body
Praveen kumar
,
Mike Samuel
2
3/6/18
How to allow url protocol for a specific tag alone.
Does the url classifier attribute predicate in PR 126 do what you need? /** * Filters out values
Brent Crammond
, …
Jim Manico
4
3/5/18
Wiki Documentation broken links
I changed the JavaDoc link to http://javadoc.io/doc/com.googlecode.owasp-java-html-sanitizer/owasp-
Rasmita Mahapatra
,
Mike Samuel
4
2/20/18
additional tags are removed along with half open vulnerable tags <IMG SRC="javascript:alert('XSS')
On Feb 20, 2018 12:18 AM, "Rasmita Mahapatra" <rasm...@gmail.com> wrote: On
Mike Samuel
2
2/19/18
Recommend upgrade to 20180219.1: addresses iOS/MacOS "text bomb"
It will take Maven's search engine some time to index new releases. In the meantime https://
Rasmita Mahapatra
,
Mike Samuel
5
2/19/18
Sanitizer is stripping the href if the URL is tailed with white space when the url protocol is ftp
On Friday, February 16, 2018 at 5:33:34 PM UTC+5:30, Mike Samuel wrote: On Feb 16, 2018 3:03 AM,
ashish...@gmail.com
,
Mike Samuel
2
1/29/18
Sanitize the HTML in JSON input
No. You can run it on the content of strings before composing your JSON, but not on the output JSON
marcelo....@hotmail.com
, …
Mike Samuel
4
1/26/18
How to add new font-families? -- Issue #70
No worries. I'm glad you sorted out your problem. On Fri, Jan 26, 2018 at 6:14 AM, <marcelo.
rasm...@gmail.com
, …
Mike Samuel
9
1/11/18
href is removed from <a> tag if it contains new line character
On Thu, Jan 11, 2018 at 6:49 AM, Rasmita Mahapatra <rasm...@gmail.com> wrote: > When there
Paulo Avelar
, …
Mike Samuel
5
12/19/17
sanitizer is adding empty comment block given double curly braces...
This discussion seems to be happening both here and on https://github.com/OWASP/java-html-sanitizer/
nehame...@gmail.com
, …
Jim Manico
4
12/14/17
Can OWASP sanitize JSP requests as well ?
One more note for nehame...@gmail.com If you have existing JSP with XSS and need to fix that, you
jason...@gmail.com
,
Mike Samuel
2
12/11/17
CSS Styling doesn't recognize style attribute
On Mon, Dec 11, 2017 at 3:23 PM, <jason...@gmail.com> wrote: I'm attempting to build my