[Owasp-antisamy] antisamy.net question

Ricardo Lopes rjlopes at gmail.com
Wed Apr 29 09:38:38 EDT 2009


Hi,

It is, isn't it? is even in bold :-)

2009/4/29 Shawn Shannon <SShannon at web.com>:
> Hello,
>
>
>
> I am just starting to look into the antisamy.net coding.
>
>
>
> When I try the following sample:
>
>
>
>                     AntiSamy antisamy = new AntiSamy();
>
>                     Policy policy = null;
>
>                     policy = Policy.getInstance("antisamy.xml");
>
>                     int count =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getNumberOfErrors();
>
>
>
>                     System.Collections.ArrayList list =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getErrorMessages();
>
>
>
> The single error message I receive is:
>
>
>
> ? list[0]
>
> "The <b>script</b> tag has been removed for security reasons."
>
>
>
> Why is the error message not referring to the <script> tag found?
>
>
>
>
>
> ________________________________
> Attention:
> The information contained in this message and or attachments is intended
> only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient is
> prohibited. If you received this in error, please contact the sender and
> delete the material from any system and destroy any copies.
>
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
>
>



-- 

Ricardo Lopes


More information about the Owasp-antisamy mailing list