[owasp-antisamy] Empty tags like iframe, textarea - how to preserve them

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Tue Jun 7 12:01:11 EDT 2011

We had a bad release that didn't integrate all of the right patches and I've been negligent in getting a fix out. Expect a 1.4.5 release really soon - maybe in the next week.


-----Original Message-----
From: owasp-antisamy-bounces at lists.owasp.org [mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Ondrej Svetlík
Sent: Tuesday, June 07, 2011 10:58 AM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] Empty tags like iframe,textarea - how to preserve them


I tried a lot but nothing really worked. I upgraded to antisamy 1.4.4, according to tests present in SVN:


I created my own test to be sure that <iframe></iframe> and <textarea></textarea> will be preserved, but it doesn't work. 
CleanResults.getCleanHTML always contain <iframe/><textarea/>. I'm becoming realy desperate. Can somebody tell me, what's wrong with my code, please?

public class AntiSamyTest {

	private static Log log = LogFactory.getLog(PolicyFactory.class);

	private Policy policy;

	public void policyLoadTest() throws PolicyException, MalformedURLException {
		this.policy = Policy.getInstance(new URL(null, "classpath:cmspolicy.xml", new ClasspathStreamHandler()));

	private static final String iFrame = "<iframe></iframe>";

	@Test(dependsOnMethods = "policyLoadTest")
	public void htmlFixTest() throws ScanException, PolicyException {
		log.info("Testing AntiSamy results");
		AntiSamy as = new AntiSamy(this.policy);
		CleanResults cr;
		cr =

		Assert.assertEquals(as.scan(iFrame, AntiSamy.DOM).getCleanHTML(), iFrame);


FAILED: htmlFixTest
java.lang.AssertionError: expected:<<iframe></iframe>> but was:<<iframe />>

Thank you a lot,


Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org

More information about the Owasp-antisamy mailing list