[owasp-antisamy] Issue with parsing tags containing null bytes

Krpata, Tyler tkrpata at constantcontact.com
Fri Dec 9 10:18:48 EST 2011


IE will interpret <%00script> as a valid script tag and execute javascript. I will file a bug.

From: Arshan Dabirsiaghi <arshan.dabirsiaghi at aspectsecurity.com<mailto:arshan.dabirsiaghi at aspectsecurity.com>>
Date: Fri, 9 Dec 2011 00:02:13 -0500
To: Tyler Krpata <tkrpata at constantcontact.com<mailto:tkrpata at constantcontact.com>>, "owasp-antisamy at lists.owasp.org<mailto:owasp-antisamy at lists.owasp.org>" <owasp-antisamy at lists.owasp.org<mailto:owasp-antisamy at lists.owasp.org>>
Subject: RE: [owasp-antisamy] Issue with parsing tags containing null bytes

How is a URL-encoded null byte dangerous? What is your input and output? If you think something is a bug, please fill out a bug report at [0].

Arshan

P.S. http://code.google.com/p/owaspantisamy/issues/list

From: owasp-antisamy-bounces at lists.owasp.org<mailto:owasp-antisamy-bounces at lists.owasp.org> [mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Krpata, Tyler
Sent: Thursday, December 08, 2011 5:42 PM
To: owasp-antisamy at lists.owasp.org<mailto:owasp-antisamy at lists.owasp.org>
Subject: [owasp-antisamy] Issue with parsing tags containing null bytes

Hi all,

Has anyone come across the behavior where Java Antisamy does not correctly parse tags that contain a url-encoded null byte at the beginning of the tag? For example <%00script>

Thanks,
Tyler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20111209/5a0b5693/attachment.html 


More information about the Owasp-antisamy mailing list