[Owasp-antisamy] org.w3c.dom problem using antisamy

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Tue Apr 15 14:37:02 EDT 2008

We have a few options for bug tracking. Google Code has a bug tracking system and OWASP has a wiki (www.owasp.org). I personally feel that the Google bug tracking approach is best.
As far as your problem - I have removed all instances of getTextContent(), and as far as I can tell, any other scandalous optional API from the source. I am publishing 1.1.1 in a few hours (the source/JAR are already up on Google Code) and the changelist will have the gory details. I will be sure to include the debug information in the next release.


From: owasp-antisamy-bounces at lists.owasp.org on behalf of Arnout Engelen
Sent: Tue 4/15/2008 5:00 AM
To: owasp-antisamy at lists.owasp.org
Subject: [Owasp-antisamy] org.w3c.dom problem using antisamy


When using antisamy in a webapp running under resin 2 (don't ask), I ran

Caused by: java.lang.UnsupportedOperationException
        at com.caucho.xml.QAbstractNode.getTextContent(QAbstractNode.java:301)
        at org.owasp.validator.html.Policy.parseTagRules(Unknown Source)
        at org.owasp.validator.html.Policy.<init>(Unknown Source)
        at org.owasp.validator.html.Policy.getInstance(Unknown Source)

Looks like Policy.parseTagRules uses a method of org.w3c.dom that's not always
implemented. (also, it'd be valuable for debugging if releases were built with
line number information)

I worked around it (somewhat hackishly) by setting a system property before
initializing AntiSamy like this:


Perhaps we should make a wiki page to record these kinds of gotchas and
solutions for them?

Kind regards,

Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org
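
Added example, not part of the original thread and not AntiSamy's own code: one way to read an element's text using only DOM Level 2 calls, so that a parser whose nodes throw UnsupportedOperationException from getTextContent() (as in the trace above) still works. The class name Level2Text, the helper textOf() and the sample XML are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class Level2Text {

    /** Hypothetical helper: concatenates descendant text without calling getTextContent(). */
    static String textOf(Node node) {
        StringBuilder sb = new StringBuilder();
        collect(node, sb);
        return sb.toString();
    }

    private static void collect(Node node, StringBuilder sb) {
        switch (node.getNodeType()) {
            case Node.TEXT_NODE:
            case Node.CDATA_SECTION_NODE:
                // Character data lives in nodeValue, available since DOM Level 1.
                sb.append(node.getNodeValue());
                return;
            case Node.COMMENT_NODE:
            case Node.PROCESSING_INSTRUCTION_NODE:
                // getTextContent() on a parent element excludes these child types too.
                return;
            default:
                // Elements, entity references, fragments: walk the children in order.
                for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling()) {
                    collect(c, sb);
                }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not taken from a real AntiSamy policy file.
        String xml = "<rule><!-- note -->alpha<![CDATA[<b>]]><child>beta</child></rule>";
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Uses whichever JAXP parser the container supplies; no Level 3 method is touched.
        System.out.println(textOf(doc.getDocumentElement()));
    }
}
```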
