[owasp-antisamy] antisamy insert attribute if not exists
Jason Li
jason.li at owasp.org
Fri Jul 15 17:48:45 EDT 2011
It is not possible to add content or attributes with AntiSamy in the manner
that you are describing. AntiSamy is an HTML validation library - it is not
meant to apply new logic.

You could take the DOM output of AntiSamy and programmatically replace all
target attributes in any anchor tags without _blank.

The filterTag action retains the text-node content of a DOM element. For
example, for the element:

    <em>this text</em>

Filtering would return:

    this text

-Jason

On Wed, Jul 13, 2011 at 3:06 PM, Grid Bag <nogridbag at gmail.com> wrote:
> Hi,
> In my antisamy policy file, I would like to ensure the anchor tag
> "target" attribute is always "_blank" (a href="http://www.google.com"
> target="_blank"). If this attribute does not exist or is a different
> value, I want target="_blank" to be inserted.
> Is this possible?
>
> As far as I know, the only onInvalid actions are "removeTag",
> "removeAttribute", and filterTag. (Are these documented anywhere?)
> I'm not 100% sure what filterTag does exactly, but the other two
> options are definitely not what I want.
>
> This is what we currently have, but it doesn't seem to be working.
>
> <tag name="a" action="validate">
> <attribute name="href" onInvalid="filterTag"/>
> <attribute name="target" onInvalid="filterTag">
> <literal-list>
> <literal value="_blank"/>
> </literal-list>
> </attribute>
> .
> .
>
> Thanks!
>
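
The post-processing step suggested in the reply above, as an added example that is not part of the original message or of AntiSamy's own code. It uses only JDK DOM classes; the fragment built in main() is a constructed stand-in for the DocumentFragment that CleanResults.getCleanXMLDocumentFragment() returns, and the class and method names are hypothetical. Setting rel alongside target is an addition here, so that a page opened with _blank cannot reach back through window.opener.

```java
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class ForceBlankTarget {

    // Walk the already-sanitized tree and overwrite target on every <a>.
    static void forceBlank(Node node) {
        if (node.getNodeType() == Node.ELEMENT_NODE
                && "a".equalsIgnoreCase(node.getNodeName())) {
            Element a = (Element) node;
            a.setAttribute("target", "_blank");           // adds or replaces
            a.setAttribute("rel", "noopener noreferrer"); // no window.opener handle
        }
        for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling()) {
            forceBlank(c);
        }
    }

    // Serialize the modified tree back to markup for output.
    static String serialize(Node node) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        t.setOutputProperty(OutputKeys.METHOD, "html");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(node), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one anchor with no target, one with a different value.
        Document doc = DocumentBuilderFactory.newInstance()
                .newDocumentBuilder().newDocument();
        DocumentFragment frag = doc.createDocumentFragment();
        String[][] links = {{"http://www.google.com", null},
                            {"http://example.com/", "_self"}};
        for (String[] l : links) {
            Element a = doc.createElement("a");
            a.setAttribute("href", l[0]);
            if (l[1] != null) a.setAttribute("target", l[1]);
            a.setTextContent("link");
            frag.appendChild(a);
        }
        forceBlank(frag); // run only after AntiSamy has validated the input
        System.out.println(serialize(frag));
    }
}
```

Run the rewrite only on AntiSamy's cleaned output, never on the raw input, so the attributes are added to markup that has already passed the policy.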