[Owasp-antisamy] Indefinite loop in"org.owasp.validator.html.scan.AntiSamyDOMScanner" class
arshan.dabirsiaghi at aspectsecurity.com
Tue Nov 18 12:21:31 EST 2008
Thank you so much, Gang. I will verify this later on, and hopefully after the holidays we will release 1.3, which should contain this and many other bug fixes. I will also add this to the list of test cases to make it sure it does not happen in the future.
From: owasp-antisamy-bounces at lists.owasp.org on behalf of Gang Zheng
Sent: Tue 11/18/2008 11:48 AM
To: owasp-antisamy at lists.owasp.org
Subject: [Owasp-antisamy] Indefinite loop in"org.owasp.validator.html.scan.AntiSamyDOMScanner" class
While using AntiSamy for filtering the user inputs, I noticed one problem.
Certain input string in the attribute of HTML tag will cause an
indefinite loop in method "recursiveValidateTag()" of
To reproduce, use the code below:
String userInput = "<a onblur=\"alert(secret)\"
href=\"http://www.google.com\ <http://www.google.com/> ">Google</a>";
AntiSamy as = new AntiSamy();
CleanResults cr = as.scan(userInput, getPolicy());
You will get into an indefinite loop and eventually get OutOfMemoryError.
This is on version 1.2.
The problem occurs at line #500 of AntiSamyDOMScanner.java, where
removeAttribute() is called by passing in attr.getName(). Instead, it
should use original attribute name from the input text, which is
I changed Line #500 from
and it's working fine.
I am not sure if this is a known issue, but I hope you guys can verify
and incorporate the fix into next release.
Thanks for the great work!
- Gang Zheng
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-antisamy