html-sanitizing Questions
3
Solved
In Rails 7.0 and earlier, we customized the Trix editor to embed YouTube videos. As is customary, the video will be embedded via an iframe tag. The Rails sanitizer removes this tag as it can be abu...
Marvamarve asked 26/10, 2023 at 10:7
4
When i got the warning:
"WARNING: sanitizing HTML stripped some content"
I did some research and saw people using the pipe below or a pipe that looks like the one below
import { Pipe, P...
Amine asked 28/11, 2017 at 9:44
4
Solved
What I want is a function I can run on user input that will intelligently find and add the width and height attributes to any <img> tag in a blob of HTML so as to avoid page-reflowing issues ...
Alvinaalvine asked 1/7, 2010 at 12:0
12
Solved
We have a high security application and we want to allow users to enter URLs that other users will see.
This introduces a high risk of XSS hacks - a user could potentially enter javascript that an...
Morbidezza asked 15/10, 2008 at 18:46
4
Solved
I use <div [innerHTML]="body"></div> to pass unescaped HTML to my template, and when I pass to body div with attribute id, Angular throw:
WARNING: sanitizing HTML stripped some conte...
Hammerfest asked 24/9, 2016 at 21:32
3
I'm looking for a simple HTML sanitizer written in JavaScript. It doesn't need to be 100% XSS secure.
I'm implementing Markdown and the WMD Markdown editor (The SO master branch from github)...
Mescaline asked 28/10, 2009 at 13:35
10
I need to display external resources loaded via cross domain requests and make sure to only display "safe" content.
Could use Prototype's String#stripScripts to remove script blocks. But handlers...
Dispensable asked 17/11, 2008 at 13:34
1
Solved
I'm trying to sanitize content of MarkupString. Actually I created this (based from https://github.com/dotnet/aspnetcore/blob/574be0d22c1678ed5f6db990aec78b4db587b267/src/Components/Components/src/...
Jell asked 21/3, 2020 at 10:56
1
Solved
Preamble
My use-case includes a front-end WYSIWYG editor. Taking user input in HTML5/CSS format from the CSHTML Front-End View. Receiving the input in the Backend Controller's action via POST requ...
Callus asked 26/12, 2019 at 2:28
3
Solved
What's wrong with this line of code?
<%= submit_tag "Delete <i class='icon-check'></i>".html_safe, :disable_with => "Deleting", :class => "btn btn-danger"%>
This literal...
Doorstone asked 22/8, 2012 at 16:45
17
Solved
Is it possible to create an HTML fragment in an AngularJS controller and have this HTML shown in the view?
This comes from a requirement to turn an inconsistent JSON blob into a nested list of id:...
Kanter asked 21/2, 2012 at 17:12
6
Solved
I'm starting a project that will be public facing using asp.net mvc. I know there are about a billion php, python, and ruby html sanitizers out there, but does anyone have some pointers to anything...
Handicap asked 4/12, 2008 at 20:6
2
Solved
I am generating html, and inserting it into my web page using
let data = '<font color=blue>hello world</font>';
this.safevalue = this.domSanitizer.bypassSecurityTrustHtml(data);
Els...
Subway asked 26/10, 2017 at 16:18
2
Solved
I am working on a simple to do app. Everything works, except, if the user inputs an html element into the input, then it gets rendered as html. So, for instance if the input is h1 heading /h1 , I g...
Autacoid asked 16/1, 2018 at 5:2
1
Solved
Official Angular Security Guide speaks about 4 security contexts: HTML, Url, Style and Resource Url.
Each one is responsible for sanitizing corresponding type of resource.
In addition, there are 5 ...
Corfu asked 4/6, 2017 at 13:29
5
Solved
Is there a library or acceptable method for sanitizing the input to an html page?
In this case I have a form with just a name, phone number, and email address.
Code must be C#.
For example:
"&...
Overtax asked 9/10, 2008 at 19:41
0
We have found that angular-sanitize "sanitizes" the Nordic alphabet's characters and makes them into HTML entities. So every time you input ä character in INPUT and $sanitize your input, you end up...
Frontality asked 27/11, 2015 at 14:5
1
Solved
I am looking for html purifier library now. And I've found that there are two "owasp" library. First is https://code.google.com/p/owasp-java-html-sanitizer/ and the second is https://www.owasp.org/...
Disaffection asked 18/2, 2015 at 6:56
5
This is a common problem, I'm hoping it's been thoroughly solved for me.
In a system I'm doing for a client, we want to accept HTML from untrusted sources (HTML-formatted email and also HTML files...
Lastly asked 30/12, 2010 at 10:17
7
I want to be able to accept HTML from untrusted users and sanitize it so that I can safely include it in pages on my website. By this I mean that markup should not be stripped or escaped, but shoul...
Erato asked 17/7, 2013 at 5:26
1
Solved
I'm using Jsoup with relaxed whitelist. It seems perfect but I would like to keep the embedded images tags like <img alt="" src="data:;base64.
Is there a way to modify the whitelist to accept a...
Bouse asked 16/3, 2014 at 22:50
1
Is there any HTML sanitizer or cleanup methods available in any JSF utilities kit or libraries like PrimeFaces/OmniFaces?
I need to sanitize HTML input by user via p:editor and display safe HTML o...
Presidentelect asked 19/4, 2014 at 7:11
1
Solved
Using Rails, I need to get a plain text and show it as HTML, but I don't want to use <pre> tag, as it changes the format.
Selinski asked 16/3, 2014 at 20:15
1
Solved
I encountered a particular string (it's not completely printable, but you can see it below) that causes a htmlspecialchars() to return a zero-length string. Is there any way this can be fixed?
$St...
Astrobiology asked 29/7, 2012 at 0:56
3
Currently i'm using this method with jQuery solution, to clean string from possible XSS attacks.
sanitize:function(str) {
// return htmlentities(str,'ENT_QUOTES');
return $('<div></div&...
Andy asked 2/7, 2012 at 10:48
1 Next >
© 2022 - 2024 — McMap. All rights reserved.