OWASP html sanitizer - Why does it block some objects?

Question

OWASP html sanitizer - Why does it block some objects?

I am new to Owasp and its HTML detectors and find that with any policy I use, it does not return some objects back to characters.

For example, this line:

&#64; test &#33;

turns into this:

&#64; test !

I would like to leave the objects “as is” as much as possible. I would even understand it if it eluded them, and not eluded them.

So is this possible with a disinfectant? This seems to be done no matter what I'm trying to use for politics.

Here is the code I'm running for my simple test:

package com.my.company.test;

import org.junit.Test;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

import junit.framework.TestCase;

public class OwaspSanitizerTest extends TestCase {
  public static final PolicyFactory POLICY = Sanitizers.IMAGES;

  @Test
  public static final void testTextFilter() throws Exception {
      String data = "&#64; test &#33;";
      String result = POLICY.sanitize(data);

      System.out.println(result);

      assertEquals("&#64; test &#33;", result);
  }
}

EDIT: , , , , , . , , , .

+4

java sanitization owasp

Brad Parks 25 . '14 19:23

1

Mike Samuel · Accepted Answer · 2014-03-26T01:07:10+0000

, , HTML XML, , .

OWASP html sanitizer - Why does it block some objects?

More articles: