Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
Description
The AntiSamyPolicyTest validates URI filtering in a scenario where it passes invalid XML, where content is included after the closing slash, i.e.
<div/style=\-\&#...>
The test is strict and asserts that no style tag is present, since the XML parser used by AntiSamy does not recognize the tag. This is not in line with how the style tag is treated currently, as invalid values are removed, but the style tag is preserved.
We should make the test more lenient and accept an empty style tag. This would also make it compatible with the Java HTML Cleaner based implementation worked on in SLING-7231.
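One way to express the more lenient check described above. This is an added example, not code from the Sling test suite; the class name, method name and sample strings are hypothetical and constructed for illustration. It accepts sanitized output with no style attribute or an empty one and rejects any output where a style value survived.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; class and method names are hypothetical, not Sling's.
public class LenientStyleCheck {

    // Finds style=... anywhere in the output and captures the value whether it is
    // double-quoted, single-quoted or unquoted. Scanning the whole string instead
    // of parsing tags errs towards rejecting, which is the safe side for a test.
    private static final Pattern STYLE_VALUE = Pattern.compile(
            "(?<![\\w-])style\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]*))",
            Pattern.CASE_INSENSITIVE);

    /** True when no style attribute in the sanitized output carries a value. */
    static boolean styleAbsentOrEmpty(String sanitized) {
        Matcher m = STYLE_VALUE.matcher(sanitized);
        while (m.find()) {
            for (int g = 1; g <= 3; g++) {
                String value = m.group(g);
                if (value != null && !value.trim().isEmpty()) {
                    return false; // a non-empty style value survived filtering
                }
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sanitizer outputs, not taken from the Sling test suite.
        String[] accepted = {"<div></div>", "<div />", "<div style=\"\"></div>", "<div style=''/>"};
        String[] rejected = {"<div style=\"color:red\"></div>", "<div STYLE = 'x'>", "<div/style=x>"};
        for (String html : accepted) {
            if (!styleAbsentOrEmpty(html)) throw new AssertionError("should pass: " + html);
        }
        for (String html : rejected) {
            if (styleAbsentOrEmpty(html)) throw new AssertionError("should fail: " + html);
        }
        System.out.println("all checks passed");
    }
}
```

Because the helper keys on the attribute value rather than on the attribute's presence, the same assertion holds for a sanitizer that drops the attribute and for one that keeps it empty.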
Issue Links
- relates to SLING-7231 Move to owasp sanitizer library (Closed)