You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I discovered that Jsoup.clean() apparently discards all text after a lower than< is followed by another alpha (non-numeric) character.
Here is a short test to verify the behaviour:
assertEquals("this is <some harmless input text", result);
This is potentially severe, since a harmless input text can be discarded after cleaned with JSoup.
Might be caused by a logic that tries to unsuccessfully find the end of an opening tag. However, I would expect JSoup to not touch this text at all and the test should return the same input.
Is there a way to fix this?
Thanks
The text was updated successfully, but these errors were encountered:
When I escape the input string, JSoup just does not do anything because the input is already clean.
In case it was not stated clear enough: I want JSoups cleaning of tags still to work, but an opening tag should not stop it from working.
here is another test that should be green if JSoup works correctly:
@Testpublicvoidtest() {
varresult = Jsoup.clean("<a>RemoveThisTag</a><b>AndThisTag</b>but <not this harmless string", Safelist.none());
assertEquals("RemoveThisTagAndThisTagbut <not this harmless string", result);
Hello,
I discovered that
Jsoup.clean()
apparently discards all text after a lower than<
is followed by another alpha (non-numeric) character.Here is a short test to verify the behaviour:
Expected is the assert to work like this:
This is potentially severe, since a harmless input text can be discarded after cleaned with JSoup.
Might be caused by a logic that tries to unsuccessfully find the end of an opening tag. However, I would expect JSoup to not touch this text at all and the test should return the same input.
Is there a way to fix this?
Thanks
The text was updated successfully, but these errors were encountered: