[Owasp-antisamy] Fwd: HEX code to RGB

Raphael L. Moita raphael.moita at gmail.com
Thu Apr 23 12:42:29 EDT 2009


Great!

I'm looking forward to getting the next AntiSamy release and removing the ugly
workaround we had done to keep hex codes! :)

Thanks a lot for your support, Jason

--
Raphael Moita


On Sat, Apr 18, 2009 at 3:35 AM, Jason Li <jason.li at owasp.org> wrote:

> Thanks for forwarding my message Arshan.
>
> Raphael,
>
> As I said in that email, there is no way to avoid the color
> canonicalization in AntiSamy at the moment. It's basically the same
> effect as the canonicalization of apostrophes to quotes for tag
> attributes.
>
> I will however retract my previous statement about requiring a lot of
> effort to change. I did some thinking on my commute home today and I
> realized there's actually a very simple solution.
>
> Providing the ability to keep the original formatting with CSS (and I
> suspect HTML as well) would be a significant undertaking that I'm not
> even sure is possible. However, instead of trying to retain the
> original formatting, what I can instead provide is a way to
> canonicalize both to rgb code or hex code format and introduce a new
> directive allowing users to specify which method they would prefer to
> be used in canonicalization.
>
> My only concern is that we've been introducing a lot of extra
> "directives" in the policy file so I believe we're starting to see the
> "second-system effect" on AntiSamy. I'll have a discussion with Arshan
> about it, but you can probably expect to see the new functionality in
> the next release.
>
> I've opened an issue for it in Google Code but I've left the status as
> New pending my discussion with Arshan. You can track the issue here:
> http://code.google.com/p/owaspantisamy/issues/detail?id=42
>
> --
> -Jason Li-
> -jason.li at owasp.org-
>
>
>
> On Fri, Apr 17, 2009 at 6:06 PM, Arshan Dabirsiaghi
> <arshan.dabirsiaghi at aspectsecurity.com> wrote:
> >
> > Begin forwarded message:
> >
> > From: Jason Li <jli at owasp.org>
> > Date: April 17, 2009 12:04:20 PM EDT
> > To: Arshan Dabirsiaghi <arshan.dabirsiaghi at aspectsecurity.com>
> > Subject: Fwd: [Owasp-antisamy] HEX code to RGB
> >
> > Arshan,
> > My response from my iPhone got bounced. Can you send the reply below to the
> > list?
> > -Jason
> >
> >
> > Begin forwarded message:
> >
> > From: Jason Li <jason.li at owasp.org>
> > Date: April 17, 2009 11:59:50 AM EDT
> > To: "Raphael L. Moita" <raphael.moita at gmail.com>
> > Cc: AntiSamy <owasp-antisamy at lists.owasp.org>
> > Subject: Re: [Owasp-antisamy] HEX code to RGB
> >
> > The CSS serializer currently canonicalizes color codes to the RGB values.
> > There is currently no way to avoid this behavior.
> > This behavior is no different than AntiSamy's conversion of attributes from
> > apostrophes to quotes. That is, AntiSamy converts:
> > <div id='myid'>stuff</div>
> > Into:
> > <div id="myid">stuff</div>
> > Both of these canonicalizations should be visually equivalent.
> > It would take quite a bit of effort to support complete pass through without
> > canonicalization and I'm not convinced it's worth the effort.
> > If you can make a case for it though, we're open to listening.
> > -Jason
> >
> > On Apr 17, 2009, at 11:34 AM, "Raphael L. Moita" <raphael.moita at gmail.com>
> > wrote:
> >
> > Hi All,
> >
> > Does someone know why AntiSamy changes Hex values to RGB like this below and
> > how I can avoid that?
> >
> > <font style="BACKGROUND-COLOR: #ffff00"> to
> > <font style="BACKGROUND-COLOR: rgb(255,255,0)">
> >
> > Thanks in advance
> >
> > --
> > Raphael Moita
> >
> > _______________________________________________
> > Owasp-antisamy mailing list
> > Owasp-antisamy at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-antisamy
> >
> >
>



-- 
--
Raphael Moita
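
The canonicalization discussed in this thread, with the output form made selectable as Jason proposes, sketched as an added example that is not part of the thread and not AntiSamy code. The names `parse_color`, `canonicalize_color` and the `preferred` parameter are hypothetical, and only hex and integer `rgb()` notations are handled (an assumption; named colors and percentages are rejected).

```python
import re

# Added illustration only: hypothetical names, not AntiSamy's API or directives.
_HEX = re.compile(r"#([0-9a-fA-F]{3}|[0-9a-fA-F]{6})\Z")
_RGB = re.compile(
    r"rgb\(\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*\)\Z",
    re.IGNORECASE,
)


def parse_color(value):
    """Parse a CSS hex or rgb() color into an (r, g, b) tuple, or None."""
    value = value.strip()
    m = _HEX.match(value)
    if m:
        digits = m.group(1)
        if len(digits) == 3:  # shorthand: #ff0 means #ffff00
            digits = "".join(c * 2 for c in digits)
        return tuple(int(digits[i:i + 2], 16) for i in (0, 2, 4))
    m = _RGB.match(value)
    if m:
        rgb = tuple(int(g) for g in m.groups())
        # Fail closed on out-of-range channels instead of clamping or guessing.
        return rgb if all(c <= 255 for c in rgb) else None
    return None


def canonicalize_color(value, preferred="rgb"):
    """Re-serialize a color in one chosen form; None means 'reject the value'.

    The output is rebuilt from the parsed channels, never copied from the
    input, which is why the original spelling cannot survive sanitization.
    """
    if preferred not in ("rgb", "hex"):
        raise ValueError("preferred must be 'rgb' or 'hex'")
    rgb = parse_color(value)
    if rgb is None:
        return None
    if preferred == "hex":
        return "#%02x%02x%02x" % rgb
    return "rgb(%d,%d,%d)" % rgb


if __name__ == "__main__":
    # Constructed sample inputs; the first is the value quoted in the thread.
    for sample in ("#ffff00", "#FF0", "rgb(255, 255, 0)", "rgb(300,0,0)"):
        print(sample, "->", canonicalize_color(sample, "rgb"),
              "|", canonicalize_color(sample, "hex"))
```

Because both notations parse to the same channel tuple, every accepted spelling of a color converges on a single output string for a given `preferred` setting.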