Skip to content
KSEF-BUS-190 SECURITY Warning KSeF Guard Only

HTML tags in invoice text fields

Znaczniki HTML w polach tekstowych faktury

Problem

An invoice text field contains HTML tags (e.g. <b>, <div>). KSeF invoice fields must contain plain text only.

How to Fix

Check item descriptions and other text fields — remove all HTML tags. Paste plain text without formatting.

Source Reference

KSeF Guard security heuristic (HTML injection prevention)

View source

Source Quote

“Invoice text fields must not contain HTML tags, which are not processed by KSeF.”
Description SHA-256: 03e425b384ec…

Justification

FORMAT

Legal Basis Chain

1

KSeF Guard — invoice text fields are plain text

KSeF Guard — pola tekstowe to czysty tekst

“[KSeF Guard heuristic] Invoice text fields in the FA(3) schema are of xsd:string type and should contain plain text only. HTML tags are not explicitly prohibited by the VAT Act, but in practice the KSeF gateway does not interpret them, and their presence creates a risk of unexpected rendering in downstream systems — a typical XSS vector in intermediary applications.”
KSeF Guard security heuristic (HTML injection prevention)