[owasp-antisamy] Issue with parsing tags containing null bytes

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Fri Dec 9 00:02:13 EST 2011

How is a URL-encoded null byte dangerous? What is your input and output?
If you think something is a bug, please fill out a bug report at [0].




P.S. http://code.google.com/p/owaspantisamy/issues/list


From: owasp-antisamy-bounces at lists.owasp.org
[mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Krpata,
Sent: Thursday, December 08, 2011 5:42 PM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] Issue with parsing tags containing null bytes


Hi all,


Has anyone come across the behavior where Java Antisamy does not
correctly parse tags that contain a url-encoded null byte at the
beginning of the tag? For example <%00script>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20111209/2de0b222/attachment.html 

More information about the Owasp-antisamy mailing list