[Owasp-antisamy] Null pointer is thrown when passing empty <style> element

• Previous message: [Owasp-antisamy] Error parsing <style> contents containing CDATA
• Next message: [Owasp-antisamy] Null pointer is thrown when passing empty <style>element
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

When I pass in a style sheet containing an empty <style> element, the
AntiSamy code throws Null pointer exception.

To reproduce, pass an input string of "<style type="text/css"></style>".

There is a defect in AntiSamyDOMScanner.java, around line number 315.
The current code calls "node.getFirstChild().getNodeValue()" without
checking the null pointer condition, which will happen when the above
empty <style> tag is given as input.

I made the following code change, and it works fine:

Node firstChild = node.getFirstChild();
if (firstChild != null) {
  try {
    CleanResults cr =
styleScanner.scanStyleSheet(firstChild.getNodeValue(),
policy.getMaxInputSize());
    errorMessages.addAll(cr.getErrorMessages());
    ...

Please verify and fix the code in the next release.

Thanks.

Gang Zheng

• Previous message: [Owasp-antisamy] Error parsing <style> contents containing CDATA
• Next message: [Owasp-antisamy] Null pointer is thrown when passing empty <style>element
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]