How to allow special characters such as & , "" , >, < .. ?
nermineslimane opened this issue · comments
I need to know how I can allow special characters to not be converted to their HTML codes, such as & --> &amp;, < --> &lt; ?
Is there anyone who can help?
This would be an XSS vulnerability, so it would not be sanitizing HTML, which is the purpose of the library.
The only way to prevent it from becoming an XSS vulnerability would be to add some very careful checks to ensure that no browser would interpret the character in question as part of tag syntax in the current context. We'd consider a PR to do that, with unit tests proving it's safe, but it's not something we have a use for or plans to add. Valid, safe HTML for browsers to read is the goal; it rarely matters precisely how it's escaped as long as it is escaped correctly.