[Owasp-antisamy] Basic question

Jean Arcand jarcand at gmail.com
Thu Jun 11 09:09:37 EDT 2009


Greetings,

I've been using the default policy file to scan some user inputs and obvious
inputs like "<script type="text/javascript"
src="http://www.abc.com/test.js"></script>"
does get removed by the scanner but doesn't throw an error
(cr.getNumberOfErrors() == 0).

It's confusing since I was hoping I could rely on the error message list to
detect hacking attempts and log the user off. Did I miss anything?

Thanks for the help!