[owasp-antisamy] antisamy insert attribute if not exists
jason.li at owasp.org
Fri Jul 15 17:48:45 EDT 2011
It is not possible to add content or attributes with AntiSamy in the manner
that you are describing. AntiSamy is an HTML validation library - it is not
meant to apply new logic.
You could take the DOM output of AntiSamy and programmatically replace all
target attributes in any anchor tags without _blank.
The filterTag action retains the text-node content of a DOM element. For
example, for the element:
Filtering would return:
On Wed, Jul 13, 2011 at 3:06 PM, Grid Bag <nogridbag at gmail.com> wrote:
> In my antisamy policy file, I would like to ensure the anchor tag
> "target" attribute is always "_blank" (a href="http://www.google.com"
> target="_blank"). If this attribute does not exist or is a different
> value, I want target="_blank" to be inserted.
> Is this possible?
> As far as I know, the only onInvalid actions are "removeTag",
> "removeAttribute", and "filterTag". (Are these documented anywhere?)
> I'm not 100% sure what filterTag does exactly, but the other two
> options are definitely not what I want.
> This is what we currently have, but it doesn't seem to be working.
> <tag name="a" action="validate">
> <attribute name="href" onInvalid="filterTag"/>
> <attribute name="target" onInvalid="filterTag">
> <literal value="_blank"/>
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
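
The post-processing step suggested in the reply, as an added example (not code from the thread or from AntiSamy itself). It assumes the sanitized output is available as an org.w3c.dom node, such as the fragment returned by CleanResults.getCleanXMLDocumentFragment(); the class name, method name and sample markup are constructed for illustration, and the rel attribute is an addition beyond what the thread asks for.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class ForceBlankTarget {
    /** Walks an already-sanitized DOM subtree and forces target="_blank" on every anchor. */
    static int forceBlankTarget(Node node) {
        int changed = 0;
        // HTML parsers may report element names in upper case, so compare case-insensitively.
        if (node.getNodeType() == Node.ELEMENT_NODE && "a".equalsIgnoreCase(node.getNodeName())) {
            Element a = (Element) node;
            if (!"_blank".equals(a.getAttribute("target"))) { // "" when the attribute is absent
                a.setAttribute("target", "_blank");           // inserts or overwrites
                changed++;
            }
            // Not requested in the thread: stops the new tab from reaching window.opener.
            a.setAttribute("rel", "noopener noreferrer");
        }
        for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling()) {
            changed += forceBlankTarget(c);
        }
        return changed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for the DOM that AntiSamy produced after validation.
        String cleaned = "<div><a href=\"http://www.google.com\">no target</a>"
                + "<a href=\"http://www.google.com\" target=\"_self\">wrong target</a>"
                + "<a href=\"http://www.google.com\" target=\"_blank\">already ok</a></div>";
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new InputSource(new StringReader(cleaned)));
        int changed = forceBlankTarget(doc.getDocumentElement());
        // Serialize the modified tree back to markup.
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        System.out.println(changed + " anchors rewritten: " + out);
    }
}
```

Run the rewrite only on AntiSamy's output, never on the raw input, so the forced attributes cannot be stripped or altered by the validation pass.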