[Owasp-antisamy] escaped tags goes thru without getting removed

• Previous message: [Owasp-antisamy] policy file questions
• Next message: [Owasp-antisamy] escaped tags goes thru without getting removed
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am using 1.3 version and i have tried all the 4 policy files. They all 
give the same result.

For example, if my html is this (passing line by line to antisamy):

      <script>alert('Channel Title Description Vulnerability - 
Type 2')</script>
      <script>alert('Channel Link Vulnerability - Type 
2')</script>
      javascript:alert('Channel Image URL Vulnerability - Type 1');

the output I am getting is:

      <script>alert('Channel Title Description 
Vulnerability - Type 2')</script> 
      <script>alert('Channel Link Vulnerability - Type 
2')</script>    
      javascript:alert('Channel Image URL Vulnerability - Type 1');

any idea on how to remove the tags like 
script/javascript/embed/frame/etc even if they are escaped.

• Previous message: [Owasp-antisamy] policy file questions
• Next message: [Owasp-antisamy] escaped tags goes thru without getting removed
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]