Reputation: 143
Antisamy converting single quotes to double quotes
When i am trying to scan a html tag through antisammy, It gives weird output. It converts single quotes to double quotes.
CleanResults cr = as.scan(dirtyContent, policy);
System.out.println(cr.getCleanHTML());
Input string - <span style="font-family: 'times new roman', times, serif;">My name is Gourav</span>
Output string - <span style="font-family: "times new roman" , times , serif;">My name is Gourav</span>
So, as you can see, the single quotes are encoded as " which when decoded gives " instead of '. This is causing problems for me.
Antisammy Version - 1.5.3
Policy File - antisamy-anythinggoes.xml
How can i solve this? Any help is appreciated
Upvotes: 0
Views: 446
Answers (2)
Reputation: 143
I raised this issue in the Antisammy GitHub project. This issue is now fixed :) . Please check the release notes for Release 1.7.1.
Upvotes: 0
Reputation: 823
try this simple solution
try
{
.
.
.
dirtyContent.replaceAll("'", "SOME_COMBINATION_OF_CHARS");
CleanResults cr = as.scan(dirtyContent, policy);
dirtyContent.replaceAll("SOME_COMBINATION_OF_CHARS", "'");// here is your sanitised data
}
catch(Exception ex)
{
//do something on expn
}
Upvotes: 1
Related Questions
- HTML-Entity escaping to prevent XSS
- How to allow specific characters with OWASP HTML Sanitizer?
- AntiSamy to prevent XSS in java?
- Strict Quote Escaping in Tomcat
- Escape quote when using StringBuilder
- Java how to encode single quote and double quote into HTML entities?
- Don't escape double quotes in a string
- Escaping quotes in java
- How do you escape HTML attribute values in Java without the Owasp Library?
- How do you un-encode single and double quotes in java?