[Owasp-antisamy] java heap space error

Andrew Grosset ag5743 at telus.net
Wed Mar 25 15:35:40 EDT 2009


Thank you Arshan,

I can confirm that an "old" NekoHTML jar file was the problem. However,
since I have only recently downloaded AntiSamy, I'm probably not the only
one with the "old" jar file.

I downloaded the "new" jar file from http://nekohtml.sourceforge.net/

thanks again, Andrew.

Arshan Dabirsiaghi wrote:

>That behavior is the result of an issue discovered with NekoHTML as Jason indicated. I believe it was fixed in 1.9.11. If you can, make sure your NekoHTML jar file is up to date.
>
>Cheers,
>Arshan
>
>-----Original Message-----
>From: owasp-antisamy-bounces at lists.owasp.org [mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Jason Li
>Sent: Wednesday, March 25, 2009 2:05 PM
>To: Andrew Grosset
>Cc: owasp-antisamy at lists.owasp.org
>Subject: Re: [Owasp-antisamy] java heap space error
>
>Andrew,
>
>I'm happy to try and help out where I can, but it would be better for
>you if you directed questions like the ones you've been asking to the
>entire AntiSamy list where our whole development team can read and
>respond.
>
>This looks like an issue that was identified in NekoHTML, which is the
>parser used by AntiSamy to parse HTML.
>
>I'll let Arshan comment on it since he's more familiar with this functionality.
>--
>-Jason Li-
>-jason.li at owasp.org-
>
>
>
>On Wed, Mar 25, 2009 at 12:09 PM, Andrew Grosset <ag5743 at telus.net> wrote:
>  
>
>>Hi Jason,
>>
>>I am getting a java heap space error if my text contains this:
>> http://www.example.com/?var=<SCRIPT%20a='>'%20SRC="http://www."></script>
>>or http://www.example.com/?var=<SCRIPT%20a=">"%20SRC="http://www."></script>
>>
>>I can prevent the error by using the CF code below before passing it to
>>antisamy
>>
>>  <cfset text = replace(text,""">""","","all")>
>>  <cfset text = replace(text,"""<""","","all")>
>>  <cfset text = replace(text,"'>'","","all")>
>>  <cfset text = replace(text,"'<'","","all")>
>>
>>Andrew
>>
>>    
>>
>
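
One way to act on the advice in this thread (make sure the NekoHTML jar is up to date) across a deployment, as an added example that is not part of the thread or of AntiSamy. It assumes jars are named `nekohtml-<version>.jar`; the function names and the sample files are constructed for illustration.

```shell
# Added example (not from the thread): flag NekoHTML jars older than FIXED.
FIXED="1.9.11"   # release the thread names: "I believe it was fixed in 1.9.11"

# version_lt A B: succeed if dotted numeric version A sorts before B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# jar_version PATH: version from a nekohtml-<version>.jar name (assumed naming
# scheme), or "unknown" when the file name carries no numeric version.
jar_version() {
    name=${1##*/}; v=${name#nekohtml-}; v=${v%.jar}
    case $v in
        ""|*[!0-9.]*) echo unknown ;;
        *) echo "$v" ;;
    esac
}

# audit_neko DIR: one line per NekoHTML jar; status 1 if any jar needs action.
audit_neko() {
    find "$1" -type f -name 'nekohtml*.jar' | sort | {
        bad=0
        while IFS= read -r jar; do
            v=$(jar_version "$jar")
            if [ "$v" = unknown ]; then
                echo "CHECK    $jar (no version in file name)"; bad=1
            elif version_lt "$v" "$FIXED"; then
                echo "OUTDATED $jar ($v < $FIXED)"; bad=1
            else
                echo "OK       $jar ($v)"
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# Constructed sample tree: empty files, only the names matter for this check.
d=$(mktemp -d); mkdir -p "$d/app/WEB-INF/lib" "$d/shared"
: > "$d/app/WEB-INF/lib/nekohtml-1.9.9.jar"; : > "$d/shared/nekohtml-1.9.11.jar"
: > "$d/shared/nekohtml.jar"
audit_neko "$d" || echo "replace OUTDATED jars; inspect CHECK jars"; rm -rf "$d"
```

The check reads only file names, so a jar reported as CHECK needs its version confirmed another way before it is trusted.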
