[owasp-antisamy] Empty tags like iframe, textarea - how to preserve them

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Tue Jun 7 12:01:11 EDT 2011


We had a bad release that didn't integrate all of the right patches and I've been negligent in getting a fix out. Expect a 1.4.5 release really soon - maybe in the next week.

Arshan

-----Original Message-----
From: owasp-antisamy-bounces at lists.owasp.org [mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Ondrej Svetlík
Sent: Tuesday, June 07, 2011 10:58 AM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] Empty tags like iframe,textarea - how to preserve them

Hello,

I tried a lot but nothing really worked. I upgraded to antisamy 1.4.4, according to tests present in SVN:

https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/java/org/owasp/validator/html/test/EmptyElementsPolicyTest.java
https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/resources/test-empty-elements-policy.xml

I created my own test to be sure that <iframe></iframe> and <textarea></textarea> will be preserved, but it doesn't work. 
CleanResults.getCleanHTML always contain <iframe/><textarea/>. I'm becoming realy desperate. Can somebody tell me, what's wrong with my code, please?

public class AntiSamyTest {

	private static Log log = LogFactory.getLog(PolicyFactory.class);

	private Policy policy;

	@Test
	public void policyLoadTest() throws PolicyException, MalformedURLException {
		this.policy = Policy.getInstance(new URL(null, "classpath:cmspolicy.xml", new ClasspathStreamHandler()));
	}

	private static final String iFrame = "<iframe></iframe>";

	@Test(dependsOnMethods = "policyLoadTest")
	public void htmlFixTest() throws ScanException, PolicyException {
		log.info("Testing AntiSamy results");
		AntiSamy as = new AntiSamy(this.policy);
		CleanResults cr;
		cr =
as.scan("<p>nazdar<b>asdlfkj</b><br><iframe></iframe><textarea></textarea>",
this.policy);
		log.info(cr.getCleanHTML());

		Assert.assertEquals(as.scan(iFrame, AntiSamy.DOM).getCleanHTML(), iFrame);
	}

}


FAILED: htmlFixTest
java.lang.AssertionError: expected:<<iframe></iframe>> but was:<<iframe />>

Thank you a lot,

regards,

Ondrej
_______________________________________________
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-antisamy


More information about the Owasp-antisamy mailing list