[Owasp-antisamy] antisamy.net question
Ricardo Lopes
rjlopes at gmail.com
Wed Apr 29 09:38:38 EDT 2009
Hi,
It is, isn't it? is even in bold :-)
2009/4/29 Shawn Shannon <SShannon at web.com>:
> Hello,
>
>
>
> I am just starting to look into the antisamy.net coding.
>
>
>
> When I try the following sample:
>
>
>
> AntiSamy antisamy = new AntiSamy();
>
> Policy policy = null;
>
> policy = Policy.getInstance("antisamy.xml");
>
> int count =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getNumberOfErrors();
>
>
>
> System.Collections.ArrayList list =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getErrorMessages();
>
>
>
> The single error message I receive is:
>
>
>
> ? list[0]
>
> "The <b>script</b> tag has been removed for security reasons."
>
>
>
> Why is the error message not referring to the <script> tag found?
>
>
>
>
>
> ________________________________
> Attention:
> The information contained in this message and or attachments is intended
> only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient is
> prohibited. If you received this in error, please contact the sender and
> delete the material from any system and destroy any copies.
>
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
>
>
--
Ricardo Lopes
More information about the Owasp-antisamy
mailing list