[Owasp-antisamy] Leave attribute value untouched

Ricardo Lopes rjlopes at gmail.com
Thu May 14 06:01:30 EDT 2009


Hi, the attribute remains, but the content is empty.

Here is an example:

Before:
-------
just a test, <span class="Apple-style-span" style="font-weight:
bold;">this is bold</span>,<span class="Apple-style-span"
style="font-style: italic;">this italic</span>, <span
class="Apple-style-span" style="text-decoration: underline;">and
underline</span><div style="text-align:
center;">centered</div><div>left</div><div style="text-align:
right;">right</div><div style="text-align:
left;">END.</div><div><br></div>

After:
-------
just a test, <span style="">this is bold</span>,<span style="">this
italic</span>, <span style="">and underline</span><div
style="">centered</div><div>left</div><div style="">right</div><div
style="">END.</div><div><br /></div>

I created a custom policy file to match the valid elements I have on a
WYSIWYG editor (jwysiwyg); the policy file is included as an attachment.
In this file I declared the style in the common-attributes section and
referenced it in the global-tag-attributes. There are also some
css-rules defined, but as the .NET AntiSamy version I use doesn't
include Flute, I think they should be ignored.

Thanks,
Ricardo Lopes.

2009/5/13 Jerry Hoff <jerry.hoff at aspectsecurity.com>:
> Hi Ricardo,
>
> I'll have to look into it.  The whole style attribute is being trimmed?  So
> are you left with just style="" ?
>
> Jerry
>
> -----Original Message-----
> From: owasp-antisamy-bounces at lists.owasp.org on behalf of Ricardo Lopes
> Sent: Wed 5/13/2009 12:19 PM
> To: owasp-antisamy at lists.owasp.org
> Subject: [Owasp-antisamy] Leave attribute value untouched
>
> Hi,
>
> I am using the .Net version of Antisamy (before Flute).
>
> What do I have to do on the policy file to prevent antisamy from
> trimming the style attribute value from the tags?
>
> Thanks,
> Ricardo Lopes.



-- 

Ricardo Lopes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: antisamy-jwysiwyg.xml
Type: text/xml
Size: 36352 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20090514/53fd27d7/attachment-0001.xml 

