[owasp-antisamy] Empty tags like iframe, textarea - how to preserve them

Paul Curren pcurren at atlassian.com
Tue Jun 7 14:50:08 EDT 2011


Incidentally, you are referring to a forked version of Antisamy that we run in Atlassian.

This has a number of customisations that are specific to our use cases but probably not what you are looking for.

You will find the proper releases here - http://code.google.com/p/owaspantisamy/downloads/list.

Cheers,

Paul C

On 07/06/2011, at 3:58 PM, Ondřej Světlík wrote:

> Hello,
> 
> I tried a lot but nothing really worked. I upgraded to antisamy 1.4.4, 
> according to tests present in SVN:
> 
> https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/java/org/owasp/validator/html/test/EmptyElementsPolicyTest.java
> https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/resources/test-empty-elements-policy.xml
> 
> I created my own test to be sure that <iframe></iframe> and 
> <textarea></textarea> will be preserved, but it doesn't work. 
> CleanResults.getCleanHTML always contain <iframe/><textarea/>. I'm 
> becoming realy desperate. Can somebody tell me, what's wrong with my 
> code, please?
> 
> public class AntiSamyTest {
> 
> 	private static Log log = LogFactory.getLog(PolicyFactory.class);
> 
> 	private Policy policy;
> 
> 	@Test
> 	public void policyLoadTest() throws PolicyException, 
> MalformedURLException {
> 		this.policy = Policy.getInstance(new URL(null, 
> "classpath:cmspolicy.xml", new ClasspathStreamHandler()));
> 	}
> 
> 	private static final String iFrame = "<iframe></iframe>";
> 
> 	@Test(dependsOnMethods = "policyLoadTest")
> 	public void htmlFixTest() throws ScanException, PolicyException {
> 		log.info("Testing AntiSamy results");
> 		AntiSamy as = new AntiSamy(this.policy);
> 		CleanResults cr;
> 		cr = 
> as.scan("<p>nazdar<b>asdlfkj</b><br><iframe></iframe><textarea></textarea>", 
> this.policy);
> 		log.info(cr.getCleanHTML());
> 
> 		Assert.assertEquals(as.scan(iFrame, AntiSamy.DOM).getCleanHTML(), iFrame);
> 	}
> 
> }
> 
> 
> FAILED: htmlFixTest
> java.lang.AssertionError: expected:<<iframe></iframe>> but was:<<iframe />>
> 
> Thank you a lot,
> 
> regards,
> 
> Ondrej
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy



More information about the Owasp-antisamy mailing list