[Owasp-antisamy] antisamy.net question

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Wed Apr 29 10:45:17 EDT 2009


Don't worry about it. Let us know how you're integration experience goes.
 
Arshan

________________________________

From: Shawn Shannon [mailto:SShannon at web.com]
Sent: Wed 4/29/2009 10:42 AM
To: Arshan Dabirsiaghi; Ricardo Lopes
Subject: RE: [Owasp-antisamy] antisamy.net question



My fault. Sorry about the mistake. I glanced at it and just noticed the <b> tag and did not notice the script word in the error message. 

 

Shawn

 

From: Arshan Dabirsiaghi [mailto:arshan.dabirsiaghi at aspectsecurity.com] 
Sent: Wednesday, April 29, 2009 10:26 AM
To: Ricardo Lopes; Shawn Shannon
Cc: owasp-antisamy at lists.owasp.org
Subject: RE: [Owasp-antisamy] antisamy.net question

 

I agree - I see the error message right there. Are we misinterpreting what you are showing us?

 

Arshan

 

________________________________

From: owasp-antisamy-bounces at lists.owasp.org on behalf of Ricardo Lopes
Sent: Wed 4/29/2009 9:38 AM
To: Shawn Shannon
Cc: owasp-antisamy at lists.owasp.org
Subject: Re: [Owasp-antisamy] antisamy.net question

Hi,

It is, isn't it? is even in bold :-)

2009/4/29 Shawn Shannon <SShannon at web.com>:
> Hello,
>
>
>
> I am just starting to look into the antisamy.net coding.
>
>
>
> When I try the following sample:
>
>
>
>                     AntiSamy antisamy = new AntiSamy();
>
>                     Policy policy = null;
>
>                     policy = Policy.getInstance("antisamy.xml");
>
>                     int count =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getNumberOfErrors();
>
>
>
>                     System.Collections.ArrayList list =
> antisamy.scan("test<script>alert(document.cookie)</script>",
> policy).getErrorMessages();
>
>
>
> The single error message I receive is:
>
>
>
> ? list[0]
>
> "The <b>script</b> tag has been removed for security reasons."
>
>
>
> Why is the error message not referring to the <script> tag found?
>
>
>
>
>
> ________________________________
> Attention:
> The information contained in this message and or attachments is intended
> only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient is
> prohibited. If you received this in error, please contact the sender and
> delete the material from any system and destroy any copies.
>
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
>
>



--

Ricardo Lopes
_______________________________________________
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-antisamy


________________________________

Attention:
The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20090429/3c00c9f7/attachment-0001.html 


More information about the Owasp-antisamy mailing list