[owasp-antisamy] Help with ignoring invalid attribute name in HTML Tag

Jim Manico jim at manico.net
Mon Feb 28 00:43:18 EST 2011


No, I mean calling AntiSamy in "clean" mode instead of reject mode, like so:

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;

AntiSamy as = new AntiSamy();
CleanResults test = as.scan(input, antiSamyPolicy);
String antiSamyCleanOutput = test.getCleanHTML();  // <--- Key is here

This should not throw an exception, even if the input is bad. It should
just return "clean" and safe XML, with JS and other markup stripped out
based on your policy.

-Jim

> Hi Jim
> 
> You mean updating the antisamy.xml file to
> 
> <tag name="img" action="clean">
> 
> I tried "clean", "remove", and "truncate"; none of them work, and the same
> exception was printed out.
> org.owasp.validator.html.ScanException: org.w3c.dom.DOMException:
> INVALID_CHARACTER_ERR: An invalid or illegal XML character is specified.
> ...
> 
> Thanks
> Kind regards
> Chao
> 
> 
> -----Original Message-----
> From: Jim Manico [mailto:jim at manico.net] 
> Sent: Monday, 28 February 2011 4:22 PM
> To: Chao Jiang
> Cc: owasp-antisamy at lists.owasp.org
> Subject: Re: [owasp-antisamy] Help with ignoring invalid attribute name
> in HTML Tag
> 
> Have you tried the AntiSamy "clean" function? What output do you get if
> you try to "clean" the html (instead of validate?)
> 
> - Jim
> 
> 
>> Hi All
>>
>> One quick question please.
>>
>> When AntiSamy encounters invalid HTML as follows (using a number as an
>> attribute name), it will throw an exception:
>>
>> <img src="http://www.xxx.com/xxx.gif" 3="" width="10" height="1"
>> border="0">
>>
>> How can I update the antisamy.xml file to ignore the error or even remove
>> it?
>>
>> By the way, I am using version 1.4.
>>
>> Thanks a lot.
>>
>> Kind regards
>> Chao
> 
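Added example, not part of the original thread and not AntiSamy project code: a caller-side wrapper around the scan()/getCleanHTML() calls shown above that treats a ScanException, such as the one quoted in this thread, as a rejection instead of letting the raw input through. The class name SafeClean and the policy path "antisamy.xml" in the working directory are assumptions.

```java
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

// Hypothetical helper class (name is an assumption, not an AntiSamy type).
public class SafeClean {
    private final AntiSamy antiSamy = new AntiSamy();
    private final Policy policy;

    public SafeClean(String policyPath) throws PolicyException {
        // Load the policy once; a broken policy should stop startup,
        // not be discovered per request.
        this.policy = Policy.getInstance(policyPath);
    }

    /**
     * Returns the sanitized markup, or an empty string when the scanner
     * cannot process the input. The untrusted input is never returned.
     */
    public String clean(String untrusted) {
        if (untrusted == null) {
            return "";
        }
        try {
            CleanResults results = antiSamy.scan(untrusted, policy);
            return results.getCleanHTML();
        } catch (ScanException | PolicyException e) {
            // Fail closed: markup the scanner cannot handle is rejected,
            // not passed downstream unsanitized.
            System.err.println("AntiSamy rejected input: " + e.getMessage());
            return "";
        }
    }

    public static void main(String[] args) throws PolicyException {
        // Sample input taken from the thread: a digit used as an attribute name.
        String input = "<img src=\"http://www.xxx.com/xxx.gif\" 3=\"\" "
                + "width=\"10\" height=\"1\" border=\"0\">";
        SafeClean cleaner = new SafeClean("antisamy.xml"); // assumed path
        System.out.println("Output: [" + cleaner.clean(input) + "]");
    }
}
```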