[Owasp-antisamy] Basic question

Jean Arcand jarcand at gmail.com
Thu Jun 11 09:09:37 EDT 2009


I've been using the default policy file to scan some user inputs and obvious
inputs like "<script type="text/javascript"
do get removed by the scanner but don't throw an error
(cr.getNumberOfErrors() == 0).

It's confusing since I was hoping I could rely on the error message list to
detect hacking attempts and log the user off. Did I miss anything?

Thanks for the help!