[Owasp-antisamy] java heap space error

Jason Li jason.li at owasp.org
Wed Mar 25 14:05:09 EDT 2009


I'm happy to try and help out where I can, but it would be better for
you if you directed questions like the ones you've been asking to the
entire AntiSamy list where our whole development team can read and

This looks like an issue that was identified in NekoHTML, which is the
parser used by AntiSamy to parse HTML.

I'll let Arshan comment on it since he's more familiar with this functionality.
-Jason Li-
-jason.li at owasp.org-

On Wed, Mar 25, 2009 at 12:09 PM, Andrew Grosset <ag5743 at telus.net> wrote:
> Hi Jason,
> I am getting a Java heap space error if my text contains this:
>  http://www.example.com/?var=<SCRIPT%20a='>'%20SRC="http://www."></script>
> or http://www.example.com/?var=<SCRIPT%20a=">"%20SRC="http://www."></script>
> I can prevent the error by using the CF code below before passing it to
> AntiSamy:
>     <cfset text = replace(text,""">""","","all")>
>     <cfset text = replace(text,"""<""","","all")>
>     <cfset text = replace(text,"'>'","","all")>
>     <cfset text = replace(text,"'<'","","all")>
> Andrew
