When we updated our AntiXss library to 4.2.1 we noticed that our GetSafeHtmlFragment was no longer working. Is it required that we now whitelist any HTML attributes that we need with the newest release?
GetSafeHtmlFragment("<b>text</b>") returns only "text".
The version we were running prior to release was 4.0.0, which did not seem to require any such whitelisting of needed HTML attributes.
Thank you in advance for reviewing this issue.
Comments: ** Comment from web user: robstrange **
This is unacceptable. The prior version has security vulnerabilities and the new version strips out all of the HTML. This thread is going on 8 months and there still isn't a resolution or updated patch.
Version 3 and 4 vulnerabilities:
http://www.securityfocus.com/bid/51291/discuss