[Owasp-antisamy] org.w3c.dom problem using antisamy
Arshan Dabirsiaghi
arshan.dabirsiaghi at aspectsecurity.com
Thu Apr 17 14:56:25 EDT 2008
Arnout,
Did the 1.1.1 release meet your needs regarding this issue?
Thanks,
Arshan
________________________________
From: owasp-antisamy-bounces at lists.owasp.org on behalf of Arnout Engelen
Sent: Tue 4/15/2008 5:00 AM
To: owasp-antisamy at lists.owasp.org
Subject: [Owasp-antisamy] org.w3c.dom problem using antisamy
Hi,
When using antisamy in a webapp running under resin 2 (don't ask), I ran
into:
Caused by: java.lang.UnsupportedOperationException
at com.caucho.xml.QAbstractNode.getTextContent(QAbstractNode.java:301)
at org.owasp.validator.html.Policy.parseTagRules(Unknown Source)
at org.owasp.validator.html.Policy.<init>(Unknown Source)
at org.owasp.validator.html.Policy.getInstance(Unknown Source)
(snip)
Looks like Policy.parseTagRules uses a method of org.w3c.dom that's not always
implemented. (also, it'd be valuable for debugging if releases were built with
line number information)
I worked around it (somewhat hackishly) by setting a system property before
initializing AntiSamy like this:
System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
"org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
Perhaps we should make a wikipage to record these kind of gotcha's and
solutions for them?
Kind regards,
Arnout
_______________________________________________
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-antisamy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20080417/b1da815b/attachment.html
More information about the Owasp-antisamy
mailing list