Anti XSS Library removing UL tag. Why?

Question

I am using the Microsoft anti xss library and I noticed that for some reason it is removing the <ul> tag. I can't figure out why. For instance:

 string html = @"<ul><li>this is a test </li></ul>";
 string sanitized = Sanitizer.GetSafeHtmlFragment(html);

This is returning:

   \r\n<li>this is a test </li>

Any ideas?

Possibly related to a bug in Sanitizer: [link](http://wpl.codeplex.com/workitem/17246) — Tung, Mar 26 '12 at 19:21
Hmm. I guess try a older version till this is fixed and see what happens? Anyone know where to get an older version. Nuget seems to only have the newest version. — chobo2, Mar 26 '12 at 19:24
You can download the [source](http://wpl.codeplex.com/SourceControl/changeset/changes/72192) from one of the earlier check-ins and compile it. It contains v3.0, v3.1, and v4.0 — Tung, Mar 26 '12 at 19:34
Ya seems like going back to 4.0.1 does the trick. So must be a problem with latest versio. — chobo2, Mar 26 '12 at 21:03

Tung · Accepted Answer · 2012-06-01T04:54:22.617

1

This is a bug. Users who would like to use one of the older versions can acquire them here

@Ray Cheng, cheers

edited Jun 01 '12 at 04:54

answered Jun 01 '12 at 04:39

Tung

1 Answers1