KSEF-BUS-190 SECURITY Warning KSeF Guard Only
HTML tags in invoice text fields
Znaczniki HTML w polach tekstowych faktury
Problem
An invoice text field contains HTML tags (e.g. <b>, <div>). KSeF invoice fields must contain plain text only.
How to Fix
Check item descriptions and other text fields — remove all HTML tags. Paste plain text without formatting.
Source Reference
KSeF Guard security heuristic (HTML injection prevention)
Source Quote
“Invoice text fields must not contain HTML tags, which are not processed by KSeF.”
Description
SHA-256: 03e425b384ec…
Justification
FORMATLegal Basis Chain
1
KSeF Guard — invoice text fields are plain text
KSeF Guard — pola tekstowe to czysty tekst
“[KSeF Guard heuristic] Invoice text fields in the FA(3) schema are of xsd:string type and should contain plain text only. HTML tags are not explicitly prohibited by the VAT Act, but in practice the KSeF gateway does not interpret them, and their presence creates a risk of unexpected rendering in downstream systems — a typical XSS vector in intermediary applications.”
KSeF Guard security heuristic (HTML injection prevention)