[Owasp-antisamy] Why does   tags get escaped?

Mike Christensen imaudi at comcast.net
Wed Feb 18 15:45:05 EST 2009


Thanks!  Let me know if there's anything I can do to help. I don't have 
a ton of free time, but I'm definitely interested in this project.

Mike

Arshan Dabirsiaghi wrote:
> Sorry for the quiet response - I talked with Jerry who wrote the .NET 
> version and he is trying to address this and other requests before 
> releasing the next version.
>  
> Thanks for helping us stay focused! We do need nudges every now and again.
>  
> Arshan
>
> ------------------------------------------------------------------------
> *From:* owasp-antisamy-bounces at lists.owasp.org on behalf of Mike 
> Christensen
> *Sent:* Wed 2/18/2009 3:31 PM
> *To:* owasp-antisamy at lists.owasp.org
> *Subject:* Re: [Owasp-antisamy] Why does   tags get escaped?
>
> I'm sending this again as I never got a response to it.
>
> Mike Christensen wrote:
> > Hi guys - there appears to be a bug in AntiSamy (actually it might be
> > more accurate to say there's a bug in the HtmlAgilityPack) that's
> > kinda driving me nuts.  It appears if you enter the HTML:
> >
> > Hello There
> >
> > It gets converted to:
> >
> > Hello There
> >
> > Which is obviously not what I want.  This is happening in
> > AntiSamyDOMScanner.cs in the scan function on this line:
> >
> > string finalCleanHTML = doc.DocumentNode.InnerHtml;
> >
> > It appears the InnerHtml property actually escapes markup within the
> > document.  Are people aware of this issue and is there any documented
> > work-around or planned fix?  I think it's perfectly valid for HTML to
> > safely contain these entities and I don't want markup to be escaped
> > and displayed back to my users.  For now, I've worked around this with:
> >
> > res = res.Replace(" ", " ");
> >
> > But that's a bit lame <g>
> >
> > Thanks!
> > Mike
> >