[Owasp-antisamy] AntiSAMY Defect (Shishir Kumar)

Carlos Aguayo carlos.aguayo at gmail.com
Fri Sep 19 12:12:01 EDT 2008


I can't reproduce this either.

> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 19 Sep 2008 16:59:32 +0530
> From: "Shishir Kumar" <shishirroy2000 at gmail.com>
> Subject: [Owasp-antisamy] AntiSAMY Defect
> To: owasp-antisamy at lists.owasp.org,
>        arshan.dabirsiaghi at aspectsecurity.com
> Message-ID:
>        <49e43b590809190429k34a5dd21u44ca93b82269166a at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> I found that if the user inputs text at the UI as:
>
> <script type=\"text/javascript\">document.write(\"Hello World!\");</script>
>
> The scan goes into an infinite loop and throws an OutOfMemoryError
>
> as.scan(inputData, policy);
>
> Note: For the input below it works fine. So the problem is something with
> \
>
> <script type="text/javascript">document.write("Hello World!");</ script >
>
> Regards,
>
> Shishir Kumar
> ------------------------------
>
> Message: 2
> Date: Fri, 19 Sep 2008 17:31:49 +0400
> From: Serge Droganov <sergei at droganov.ru>
> Subject: Re: [Owasp-antisamy] AntiSAMY Defect
> To: "Shishir Kumar" <shishirroy2000 at gmail.com>
> Cc: owasp-antisamy at lists.owasp.org
> Message-ID: <209C0B6D-479D-4925-8E15-E84A14F645FF at droganov.ru>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
> Hi,
> That's probably not about AntiSamy. I can't get an infinite loop.
> http://blog.supremedesign.ru/xss
>
>
> On Sep 19, 2008, at 3:29 PM, Shishir Kumar wrote:
>
>> <script type=\"text/javascript\">document.write(\"Hello World!\");</script>
>
>
>

