[Owasp-antisamy] Why does   tags get escaped?

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Wed Feb 18 15:41:30 EST 2009


Sorry for the quiet response - I talked with Jerry who wrote the .NET version and he is trying to address this and other requests before releasing the next version. 
 
Thanks for helping us stay focused! We do need nudges every now and again.
 
Arshan

________________________________

From: owasp-antisamy-bounces at lists.owasp.org on behalf of Mike Christensen
Sent: Wed 2/18/2009 3:31 PM
To: owasp-antisamy at lists.owasp.org
Subject: Re: [Owasp-antisamy] Why does   tags get escaped?



I'm sending this again as I never got a response to it..

Mike Christensen wrote:
> Hi guys - there appears to be a bug in AntiSamy (actually it might be
> more accurate to say there's a bug in the HtmlAgilityPack) that's
> kinda driving me nuts.  It appears if you enter the HTML:
>
> Hello There
>
> It gets converted to:
>
> Hello There
>
> Which is obviously not what I want.  This is happening in
> AntiSamyDOMScanner.cs in the scan function on this line:
>
> string finalCleanHTML = doc.DocumentNode.InnerHtml;
>
> It appears the InnerHtml property actually escapes markup within the
> document.  Are people aware of this issue and is there any documented
> work-around or planned fix?  I think it's perfectly valid for HTML to
> safely contain these entities and I don't want markup to be escaped
> and displayed back to my users.  For now, I've worked around this with:
>
> res = res.Replace(" ", " ");
>
> But that's a bit lame <g>
>
> Thanks!
> Mike
>
_______________________________________________
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-antisamy


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20090218/a11dcd5f/attachment.html 


More information about the Owasp-antisamy mailing list