[owasp-antisamy] Empty tags like iframe, textarea - how to preserve them

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Tue Jun 7 22:38:07 EDT 2011


Per my earlier message I cranked out the changes again - if you build against HEAD (which is 1.4.5-SNAPSHOT) you will find the <allowed-empty-tags> element patch was integrated. Incidentally it also makes SAX the default parser and a few other little things. Can you test HEAD for us before we do another release?

Arshan

-----Original Message-----
From: owasp-antisamy-bounces at lists.owasp.org [mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Paul Curren
Sent: Tuesday, June 07, 2011 2:50 PM
To: Ondřej Světlík
Cc: owasp-antisamy at lists.owasp.org
Subject: Re: [owasp-antisamy] Empty tags like iframe,textarea - how to preserve them

Incidentally, you are referring to a forked version of Antisamy that we run in Atlassian.

This has a number of customisations that are specific to our use cases but probably not what you are looking for.

You will find the proper releases here - http://code.google.com/p/owaspantisamy/downloads/list.

Cheers,

Paul C

On 07/06/2011, at 3:58 PM, Ondřej Světlík wrote:

> Hello,
> 
> I tried a lot but nothing really worked. I upgraded to antisamy 1.4.4, 
> according to tests present in SVN:
> 
> https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/java/org/owasp/validator/html/test/EmptyElementsPolicyTest.java
> https://svn.atlassian.com/svn/public/atlassian/vendor/antisamy/tags/antisamy-project-1.4.2-atlassian-9/antisamy/src/test/resources/test-empty-elements-policy.xml
> 
> I created my own test to be sure that <iframe></iframe> and 
> <textarea></textarea> will be preserved, but it doesn't work.
> CleanResults.getCleanHTML always contains <iframe/><textarea/>. I'm 
> becoming really desperate. Can somebody tell me what's wrong with my 
> code, please?
> 
> public class AntiSamyTest {
> 
> 	private static Log log = LogFactory.getLog(PolicyFactory.class);
> 
> 	private Policy policy;
> 
> 	@Test
> 	public void policyLoadTest() throws PolicyException, MalformedURLException {
> 		this.policy = Policy.getInstance(new URL(null, "classpath:cmspolicy.xml", new ClasspathStreamHandler()));
> 	}
> 
> 	private static final String iFrame = "<iframe></iframe>";
> 
> 	@Test(dependsOnMethods = "policyLoadTest")
> 	public void htmlFixTest() throws ScanException, PolicyException {
> 		log.info("Testing AntiSamy results");
> 		AntiSamy as = new AntiSamy(this.policy);
> 		CleanResults cr;
> 		cr = as.scan("<p>nazdar<b>asdlfkj</b><br><iframe></iframe><textarea></textarea>", this.policy);
> 		log.info(cr.getCleanHTML());
> 
> 		Assert.assertEquals(as.scan(iFrame, AntiSamy.DOM).getCleanHTML(), iFrame);
> 	}
> 
> }
> 
> 
> FAILED: htmlFixTest
> java.lang.AssertionError: expected:<<iframe></iframe>> but was:<<iframe />>
> 
> Thank you a lot,
> 
> regards,
> 
> Ondrej
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
