[Owasp-antisamy] Indefinite loop in "org.owasp.validator.html.scan.AntiSamyDOMScanner" class

Gang Zheng gzheng at gmail.com
Tue Nov 18 11:48:08 EST 2008


While using AntiSamy for filtering the user inputs, I noticed one problem.

A certain input string in an attribute of an HTML tag will cause an
indefinite loop in method "recursiveValidateTag()" of

To reproduce, use the code below:

 String userInput = "<a onblur=\"alert(secret)\"
 AntiSamy as = new AntiSamy();
 CleanResults cr = as.scan(userInput, getPolicy());

You will get into an indefinite loop and eventually get an OutOfMemoryError.

This is on version 1.2.

The problem occurs at line #500 of AntiSamyDOMScanner.java, where
removeAttribute() is called by passing in attr.getName(). Instead, it
should use the original attribute name from the input text, which is

I changed Line #500 from




and it's working fine.

I am not sure if this is a known issue, but I hope you guys can verify
and incorporate the fix into the next release.

Thanks for the great work!

- Gang Zheng

