[英]OWASP java-html-sanitizer - policy for unclosed tags
I am using the same example of EbayPolicyExample.java
from the OWASP java-html-sanitizer, however, I have been facing some issues when the user writes something like: let's consider that x <n then we have ...
So what happens is that every text after <n
is removed. 我正在使用来自OWASP java-html-sanitizer的
EbayPolicyExample.java
的同一示例,但是,当用户编写类似内容时,我遇到了一些问题: let's consider that x <n then we have ...
那么发生了什么呢? <n
之后的所有文本都将被删除。
How could I fix this issue and remains the string <n
? 如何解决此问题并保留字符串
<n
?
I tried to change the Policy a little bit, but I wasn't successful and it is possible to guess what letter the user will enter after <
. 我尝试了一点更改策略,但未成功,可以猜测用户在
<
之后输入的字母。
Note: the tag n is just an example, it should also work for any letter (eg <o, <i, <y
)? 注意:标签n只是一个例子,它也可以用于任何字母(例如
<o, <i, <y
)吗?
let's consider that x <n then we have ...
let's consider that x <n then we have ...
let's consider that x
let's consider that x
let's consider that x <n then we have ...
let's consider that x <n then we have ...
The link for the code: https://raw.githubusercontent.com/OWASP/java-html-sanitizer/master/src/main/java/org/owasp/html/examples/EbayPolicyExample.java 代码的链接: https : //raw.githubusercontent.com/OWASP/java-html-sanitizer/master/src/main/java/org/owasp/html/examples/EbayPolicyExample.java
You are supposed to provide valid HTML in your input. 您应该在输入中提供有效的HTML。
<
is a special character in HTML. <
是HTML中的特殊字符。 It denotes the start of a tag. 它表示标签的开始。
You have to replace <
with the corresponding HTML entity: <
您必须将
<
替换为相应的HTML实体: <
in your input. 在您的输入中。
I the input is entered by the user, you have to pre-process it and make sure it actually is valid HTML. 如果输入是用户输入的,则必须对其进行预处理,并确保它实际上是有效的HTML。 This post might be useful: Recommended method for escaping HTML in Java
这篇文章可能会有用: 在Java中转义HTML的推荐方法
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.