[owasp-antisamy] Issue with parsing tags containing null bytes
arshan.dabirsiaghi at aspectsecurity.com
Fri Dec 9 00:02:13 EST 2011
How is a URL-encoded null byte dangerous? What is your input and output?
If you think something is a bug, please fill out a bug report at .
From: owasp-antisamy-bounces at lists.owasp.org
[mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Krpata,
Sent: Thursday, December 08, 2011 5:42 PM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] Issue with parsing tags containing null bytes
Has anyone come across the behavior where Java Antisamy does not
correctly parse tags that contain a url-encoded null byte at the
beginning of the tag? For example <%00script>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-antisamy