[Owasp-antisamy] HTML & CSS Formatting Issues

Luke Bunselmeyer LBunselmeyer at EZREZ.COM
Fri May 8 14:54:59 EDT 2009


Hello,

 

I'm trying out AntiSamy.  So far the tool is very promising.  I was
testing the ebay policy, and I noticed some issues with the cleaned HTML
and CSS.  See the details below.   Are there any configurations to
control this output?

 

Thanks in advance,

Luke

 

Policy: antisamy-ebay-1.3.xml

 

== HTML Issues ==

* Styling: Pixel witdths are formated with decimal precision.  IS:
1.0px, Should Be: 1px;

* Whitespace: Original line breaks are stripped.

 

== Dirty HTML ==

<div style="border: 1px solid red;background-color:pink;padding: 5px;"
onclick="alert('EzWhat?  EzRez!');">

  <h3>Title</h3>

 

  <p>Here is some super fun user content! Yeah!</p>

 

  <a href="#" onclick="alert('Look an alert!')">Click Me!</a>

</div>

 

== Cleaned HTML ==

<div style="border: 1.0px solid red;padding: 5.0px;">

  <h3>Title</h3>

  <p>Here is some super fun user content! Yeah!</p>

  <a href="#">Click Me!</a></div>

 

== CSS Issues ==

* <![CDATA ]]> tag inserted into style tag.

* Pixel witdths are formated with decimal precision.  IS: 1.0px, Should
Be: 1px;

* Class selectors formated with * prefix.  Is: *.blue {}, Should Be:
.blue {}

* Hex colors are formatted with rgb method. Is: rgb(255,255,255), Should
Be: #ffffff

* Comments are stripped

  

== Dirty CSS == 

<style>

BODY {

  background-color: #ffffff;

  font-family: verdana, arial, tahoma;

  font-size: 10px;

  margin-bottom: 0;

  margin-left: 0;

  margin-right: 0;

  margin-top: 0;

}

 

/*a {color:#017DDE; font-family: verdana, arial, tahoma; font-size:
10px; font-weight : bold;}*/

p, ol, ul, li, i, td {

  color: #000000;

  font-family: verdana, arial, tahoma;

  font-size: 10px;

}

 

.blue {

  color: #000000;

  font-family: verdana, arial, tahoma;

  font-size: 11px;

}

</style>

 

== Cleaned CSS == 

<style><![CDATA[BODY {

                background-color: rgb(255,255,255);

                font-family: verdana , arial , tahoma;

                font-size: 10.0px;

                margin-bottom: 0;

                margin-left: 0;

                margin-right: 0;

                margin-top: 0;

}

p, ol, ul, li, i, td {

                color: rgb(0,0,0);

                font-family: verdana , arial , tahoma;

                font-size: 10.0px;

}

 

*.blue {

                color: rgb(0,0,0);

                font-family: verdana , arial , tahoma;

                font-size: 11.0px;

}

]]></style>

 

__________________________________________________________  
Luke Bunselmeyer || Sr Web Developer || EzRez Software, Inc. 
Tel: 415.541.9100 x2067  || Fax: 415.541.9888  ||  www.ezrez.com
<http://www.ezrez.com/> 

 


This message may contain confidential information.  If you are not the intended recipient (or authorized to receive for the recipient) and received this message in error; any use, distribution or disclosure is strictly prohibited.  Please contact the sender by reply email and delete all copies of this message from your computer system.  The views and opinions expressed in this email are those of the sender and do not necessarily reflect the views or policies of EzRez Software, except when the sender expressly and with authority states them to be so.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20090508/b9539048/attachment.html 


More information about the Owasp-antisamy mailing list