[Owasp-antisamy] Ampersand character in title attribute

August Detlefsen augustd at codemagi.com
Mon Feb 22 15:19:37 EST 2010


AntiSamy is rejecting the ampersand character in the title attribute of 
an href. If my input is:

<a href="/some/page" title="Full Q&A Session" />

It rejects the tag due to the &.

Do you know of any reason why that character should be banned from a 
title? It seems like it would be present a lot if you are encoding 
special characters...

Is it safe to adjust the default regex for the title field to allow the 
ampersand?

Thanks,
August

-- 
August Detlefsen
CEO/Web Application Architect
CodeMagi, Inc.
http://www.codemagi.com


