Sounds like a bug to me Carsten
Konrad Windszus wrote > > If I understand the XSS API correctly, the only supported methods for HTML > contexts are encodeForHtml > (https://github.com/apache/sling-org-apache-sling-xss/blob/257e7096dad689a46d474d1f251d504ca5508db7/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L419) > and encodeForHtmlAttr > (https://github.com/apache/sling-org-apache-sling-xss/blob/257e7096dad689a46d474d1f251d504ca5508db7/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L427). > Both always escape & with &! > > What should I use if I still want to pertain certain Unicode escape > characters (https://www.w3.org/International/questions/qa-escapes) like > certain Emojis (e.g. ✅ should not be modified). > Is there already some support for this in the XSS API or if not, does it make > sense to add support there? > > Thanks, > Konrad > -- Carsten Ziegeler Adobe Research Switzerland [email protected]
