Recent changes to bugs

Whitespaces enclosed in their own tags are sometimes dropped

Fynn Godau — Tue, 30 Sep 2025 16:40:11 -0000

Consider the following HTML text:

hello<strong> </strong>world

When using htmlcleaner-gui-2.29 on a file with this content, the output will be:

<?xml version="1.0" encoding="utf-8"?>
<html>

<head />

<body>helloworld</body>
</html>

That is, the whitespace enclosed in the strong tag is dropped. In my Java application, the space is dropped from the tree likewise.

(It is worth noting that in some constellations, the rule of which I could not quite determine, the htmlcleaner-gui-2.29 output will contain a newline instead of the space because it chooses a different formatting rule. Unfortunately I could not determine a good way of resolving the issue yet.)

#227 Running out of memory cleaning HTML

Richard Morley-Smith — Thu, 05 Jun 2025 13:56:23 -0000

Hi @scottwilson, this one has been fixed as a result of the changes to prevent stackoverflow in 2.29, so it can be closed.

#241 Wrong children of dl incorrectly wrapped in div

Michael Hamann — Fri, 19 Apr 2024 09:18:18 -0000

I forgot to mention, this is with HTML 5 tag definitions, with HTML 4 the example input is kept as-is.

Wrong children of dl incorrectly wrapped in div

Michael Hamann — Fri, 19 Apr 2024 09:17:16 -0000

When cleaning a dl tag that contains forbidden children like p or br, they are wrapped in a div now since version 2.28. This is wrong, when a div is a child of a dl, it only allows "one or more dt elements followed by one or more dd elements, optionally intermixed with script-supporting elements.". Removing div as preferred child again doesn't fully fix this, for example the following example shows that plain text is still kept as child which also isn't allowed:

<dl><p>Paragraph1</p><dt>Term</dt><br /><dd>Definition</dd><p>Paragraph2</p></dl>

is cleaned as

<p><br /></p><p></p><dl>Paragraph1<dt>Term</dt><dd>Definition</dd>Paragraph2</dl>

Behaviour on unknown tags depends on capitalization of letters

Mikhail Dvorkin — Wed, 10 Apr 2024 12:18:04 -0000

Since version 2.19, the behaviour (without any behaviour modificatoins) on unknown tags is different depending on letter capitalization. This was not the case in versions 2.18- and is very counterintuitive.

val s = "<html><body><p><atag>1</atag><b>2</b></p></body></html>"
println(HtmlCleaner().clean(s).getElementsByName("p", true)[0].childTagList)
// [atag, b]

// Changed only atag -> aTag
val s = "<html><body><p><aTag>1</aTag><b>2</b></p></body></html>"
println(HtmlCleaner().clean(s).getElementsByName("p", true)[0].childTagList)
// [aTag]

Please fix it, so that behaviour on these two samples is consistent.

#239 CDATA added for any kind of scripts even for application/json ones

Simon Urli — Thu, 28 Mar 2024 17:01:33 -0000

I tried to work on that issue, I think I actually made too much changes: in particular I saw that XmlSerializer#dontEscape is used both for knowing if the content needs to be escaped and to know if CDATA should be added, which is a problem here as we still don't want to escape the content even without a CDATA.
So I think same problem might apply to DomSerializer, in which case my code is probably wrong and I might miss adding a unit test somewhere.

CDATA added for any kind of scripts even for application/json ones

Simon Urli — Thu, 28 Mar 2024 16:13:28 -0000

Right now the API for adding CDATA only allow to define the tags where to add them, and by default it's using script and style. However, it's a problem for cleaning application/json scripts, as it produces invalid JSON: CDATA is indeed produced with a comment and JSON cannot contain comments.
Ideally the API should be able to define filters for ignoring where specifically to add CDATA. Now by default it should probably ignore any script tags that targets application/json type.

Various tags incorrectly not marked as phrasing content in HTML5

Simon Urli — Fri, 01 Mar 2024 09:36:47 -0000

Hello,

I'm currently working on upgrading XWiki to use HtmlCleaner 2.29 and it seems https://sourceforge.net/p/htmlcleaner/bugs/228/ has been fixed without taking into account Michael Hamann's comment here: https://sourceforge.net/p/htmlcleaner/bugs/228/#442b

So right now it seems that the following tags are not properly handled as phrasing content:
* data
* embed
* iframe
* img
* math
* object
* picture
* q
* template
* video

Note that we're taking that list of phrasing tag from the spec here https://html.spec.whatwg.org/#phrasing-content-2

You can check the unit test we're using to spot issues there: https://github.com/xwiki/xwiki-commons/blob/xwiki-commons-15.10.6/xwiki-commons-core/xwiki-commons-xml/src/test/java/org/xwiki/xml/internal/html/HTML5HTMLCleanerTest.java#L148-L184

#228 svg incorrectly not marked as phrasing content in HTML5

Simon Urli — Fri, 01 Mar 2024 09:29:40 -0000

@scottwilson it seems you forgot to close that one: I can see a commit related to it before release 2.28, see https://sourceforge.net/p/htmlcleaner/code/595/

#94 General suggestion: copy mutable field values / arguments instead of returning / using them directly

Dave — Wed, 21 Jun 2023 03:00:19 -0000

Sure, let me see what I can do.