Kish-Jadhav
I am facing the same issue since I upgraded OWASP-html-sanitizer.jar to the latest version. I have verified that this issue was introduced in the 20160614.1 release (it was working in the 20160526.1 release). Here is...
Image src before 20160614.1 release: "http://www.mks.com/image s/en/logob.gif onload="
Image src after 20160614.1 release: "http://www.mks.com/image%20s/en/logob.gif%20onload="
In first output consider the & with # 61 is there.
Are you using this in production?