[Owasp-antisamy] Indefinite loop in "org.owasp.validator.html.scan.AntiSamyDOMScanner" class

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Tue Nov 18 12:21:31 EST 2008


Thank you so much, Gang. I will verify this later on, and hopefully after the holidays we will release 1.3, which should contain this and many other bug fixes. I will also add this to the list of test cases to make sure it does not happen in the future.
 
Thanks,
Arshan

________________________________

From: owasp-antisamy-bounces at lists.owasp.org on behalf of Gang Zheng
Sent: Tue 11/18/2008 11:48 AM
To: owasp-antisamy at lists.owasp.org
Subject: [Owasp-antisamy] Indefinite loop in "org.owasp.validator.html.scan.AntiSamyDOMScanner" class



Hi,

While using AntiSamy for filtering the user inputs, I noticed one problem.

A certain input string in the attribute of an HTML tag will cause an
indefinite loop in the method "recursiveValidateTag()" of
"AntiSamyDOMScanner.java".

To reproduce, use the code below:

 // getPolicy() is the poster's own helper; it is not shown in the message
 String userInput = "<a onblur=\"alert(secret)\" href=\"http://www.google.com\">Google</a>";
 AntiSamy as = new AntiSamy();
 CleanResults cr = as.scan(userInput, getPolicy());

You will get into an indefinite loop and eventually get an OutOfMemoryError.

This is on version 1.2.

The problem occurs at line #500 of AntiSamyDOMScanner.java, where
removeAttribute() is called by passing in attr.getName(). Instead, it
should use the original attribute name from the input text, which is
"attribute.getNodeName()".

I changed Line #500 from

 ele.removeAttribute(attr.getName());

to

 ele.removeAttribute(attribute.getNodeName());

and it's working fine.

I am not sure if this is a known issue, but I hope you guys can verify
and incorporate the fix into the next release.

Thanks for the great work!

- Gang Zheng
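
The failure mode reported above, as an added example that is not part of the original thread and is not AntiSamy's code: a simplified JDK-only model of an attribute-stripping loop, comparing removal by a policy-side name with removal by the node's own name. It assumes the loop steps back one index after each removal and that the policy name differs from the node name only by case (neither detail is stated in the thread); `policyName`, `strip`, `sample`, the `onBlur` spelling and `MAX_PASSES` are constructed for the illustration.

```java
import java.util.Locale;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

public class RemoveAttributeLoopDemo {
    // Guard so this demo always terminates; the modelled loop has no such bound.
    static final int MAX_PASSES = 1000;

    // Hypothetical stand-in for a policy lookup that returns the policy's
    // spelling of an attribute name (assumed here to be lower case).
    static String policyName(String nodeName) {
        return nodeName.toLowerCase(Locale.ROOT);
    }

    // Strips every attribute except href. Returns the number of loop passes,
    // or -1 if the guard tripped because the loop stopped making progress.
    static int strip(Element ele, boolean useNodeName) {
        NamedNodeMap attributes = ele.getAttributes(); // live view of the element
        int passes = 0;
        for (int i = 0; i < attributes.getLength(); i++) {
            if (++passes > MAX_PASSES) {
                return -1;
            }
            Node attribute = attributes.item(i);
            String nodeName = attribute.getNodeName();
            if (nodeName.equalsIgnoreCase("href")) {
                continue; // allowed attribute, keep it
            }
            // Element.removeAttribute() has no effect when the name matches nothing,
            // so a mismatched name leaves the attribute in place without an error.
            ele.removeAttribute(useNodeName ? nodeName : policyName(nodeName));
            i--; // assumed: revisit this index because the map is expected to shrink
        }
        return passes;
    }

    // Constructed sample element; the mixed-case attribute name is an assumption.
    static Element sample() throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element a = doc.createElement("a");
        a.setAttribute("onBlur", "alert(secret)");
        a.setAttribute("href", "http://www.google.com");
        return a;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("remove by policy name: " + strip(sample(), false));
        System.out.println("remove by node name:   " + strip(sample(), true));
    }
}
```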