[Owasp-antisamy] antisamy.net question

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Wed Apr 29 10:26:17 EDT 2009


I agree - I see the error message right there. Are we misinterpreting what you are showing us?
 
Arshan

________________________________

From: owasp-antisamy-bounces at lists.owasp.org on behalf of Ricardo Lopes
Sent: Wed 4/29/2009 9:38 AM
To: Shawn Shannon
Cc: owasp-antisamy at lists.owasp.org
Subject: Re: [Owasp-antisamy] antisamy.net question



Hi,

It is, isn't it? is even in bold :-)

2009/4/29 Shawn Shannon <SShannon at web.com>:
> Hello,
>
>
>
> I am just starting to look into the antisamy.net coding.
>
>
>
> When I try the following sample:
>
>
>
>                     AntiSamy antisamy = new AntiSamy();
>
>                     Policy policy = null;
>
>                     policy = Policy.getInstance("antisamy.xml");
>
>                     int count =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getNumberOfErrors();
>
>
>
>                     System.Collections.ArrayList list =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getErrorMessages();
>
>
>
> The single error message I receive is:
>
>
>
> ? list[0]
>
> "The <b>script</b> tag has been removed for security reasons."
>
>
>
> Why is the error message not referring to the <script> tag found?
>
>
>
>
>
> ________________________________
> Attention:
> The information contained in this message and or attachments is intended
> only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient is
> prohibited. If you received this in error, please contact the sender and
> delete the material from any system and destroy any copies.
>
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
>
>



--

Ricardo Lopes
_______________________________________________
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-antisamy


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20090429/00c2456e/attachment.html 


More information about the Owasp-antisamy mailing list