[Esapi-user] INVALID_CHARACTER_ERR in style tag

Blanca Hernandez blanca.hernandez at willhaben.at
Mon Jun 24 15:40:06 UTC 2013



Analyzing this piece of code:


<div style=3D"padding:20px 20px;">


Owasp return: Invalid HTML input org.owasp.validator.html.ScanException: org.w3c.dom.DOMException: INVALID_CHARACTER_ERR: An invalid or illegal XML character is specified.


The only mistake ist that it shoud be: <div style=3D"padding:20px;">


There are many cases like this one and it makes invalid a whole HTML. In my point of view, this is not a security issue, and it shouldn´t be reported, am I right? 

The last commited OWASP version is from 2011, is there a later one? In that case, how could I update my dependencies? (I haven´t found something actual). Is the development of this library going ahead at all?


Any advice or idea would be really appreciated. Thanks in advance!




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20130624/5f135d8c/attachment.html>

More information about the Esapi-user mailing list