[owasp-antisamy] Help with ignoring invalid attribute name in HTML Tag

Chao Jiang Chao.Jiang at anu.edu.au
Mon Feb 28 00:31:39 EST 2011


Hi Jim

You mean updating antisamy.xml file to

<tag name="img" action="clean">

I tried "clean","remove", and "truncate", none of them work, the same
exception was printed out.
org.owasp.validator.html.ScanException: org.w3c.dom.DOMException:
INVALID_CHARACTER_ERR: An invalid or illegal XML character is specified.
...

Thanks
Kind regards
Chao


-----Original Message-----
From: Jim Manico [mailto:jim at manico.net] 
Sent: Monday, 28 February 2011 4:22 PM
To: Chao Jiang
Cc: owasp-antisamy at lists.owasp.org
Subject: Re: [owasp-antisamy] Help with ignoring invalid attribute name
in HTML Tag

Have you tried the AntiSamy "clean" function? What output do you get if
you try to "clean" the html (instead of validate?)

- Jim


> Hi All
> 
>  
> 
> One quick question please.
> 
>  
> 
> When AntiSamy encounters invalid HTML as follows (using number as
> attribute name), it will throw exception
> 
>  
> 
> <img src="http://www.xxx.com/xxx.gif" 3="" width="10" height="1"
> border="0">
> 
>  
> 
>  
> 
> How can I update antisamy.xml file to ignore the error or even remove
> it?
> 
>  
> 
> By the way I am using version 1.4.
> 
>  
> 
> Thanks a lot.
> 
>  
> 
> Kind regards
> 
> Chao
> 
>  
> 
> 
> 
> 
> 
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy



More information about the Owasp-antisamy mailing list