[owasp-antisamy] Empty tags like iframe, textarea - how to preserve them

Ondřej Světlík ondrej at svetlik.info
Tue Jun 7 10:58:24 EDT 2011


Hello,

I tried a lot but nothing really worked. I upgraded to antisamy 1.4.4, 
according to tests present in SVN:

https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/java/org/owasp/validator/html/test/EmptyElementsPolicyTest.java
https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/resources/test-empty-elements-policy.xml

I created my own test to be sure that <iframe></iframe> and 
<textarea></textarea> will be preserved, but it doesn't work. 
CleanResults.getCleanHTML always contain <iframe/><textarea/>. I'm 
becoming realy desperate. Can somebody tell me, what's wrong with my 
code, please?

public class AntiSamyTest {

	private static Log log = LogFactory.getLog(PolicyFactory.class);

	private Policy policy;

	@Test
	public void policyLoadTest() throws PolicyException, 
MalformedURLException {
		this.policy = Policy.getInstance(new URL(null, 
"classpath:cmspolicy.xml", new ClasspathStreamHandler()));
	}

	private static final String iFrame = "<iframe></iframe>";

	@Test(dependsOnMethods = "policyLoadTest")
	public void htmlFixTest() throws ScanException, PolicyException {
		log.info("Testing AntiSamy results");
		AntiSamy as = new AntiSamy(this.policy);
		CleanResults cr;
		cr = 
as.scan("<p>nazdar<b>asdlfkj</b><br><iframe></iframe><textarea></textarea>", 
this.policy);
		log.info(cr.getCleanHTML());

		Assert.assertEquals(as.scan(iFrame, AntiSamy.DOM).getCleanHTML(), iFrame);
	}

}


FAILED: htmlFixTest
java.lang.AssertionError: expected:<<iframe></iframe>> but was:<<iframe />>

Thank you a lot,

regards,

Ondrej


More information about the Owasp-antisamy mailing list