Thanks for your input. I created https://issues.apache.org/jira/browse/SLING-7658 <https://issues.apache.org/jira/browse/SLING-7658>. Konrad
> On 8. May 2018, at 17:45, Carsten Ziegeler <[email protected]> wrote: > > Sounds like a bug to me > > Carsten > > > Konrad Windszus wrote >> >> If I understand the XSS API correctly, the only supported methods for HTML >> contexts are encodeForHtml >> (https://github.com/apache/sling-org-apache-sling-xss/blob/257e7096dad689a46d474d1f251d504ca5508db7/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L419) >> and encodeForHtmlAttr >> (https://github.com/apache/sling-org-apache-sling-xss/blob/257e7096dad689a46d474d1f251d504ca5508db7/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L427). >> Both always escape & with &! >> >> What should I use if I still want to pertain certain Unicode escape >> characters (https://www.w3.org/International/questions/qa-escapes) like >> certain Emojis (e.g. ✅ should not be modified). >> Is there already some support for this in the XSS API or if not, does it >> make sense to add support there? >> >> Thanks, >> Konrad >> > -- > Carsten Ziegeler > Adobe Research Switzerland > [email protected]
