[owasp-antisamy] XHTML/HTML setting
troy.doty at touchnet.com
Thu Jun 16 09:31:39 EDT 2011
I realize that there is a setting in the policy that can set the cleaned output from AS to either XHTML or HTML. However, is there also a setting to have the underlying parser parse for XHTML or HTML? For example, the DOMFragmentParser that is used for the AntiSamyDOMScanner, is there a way to set that to parse (and return) XHTML? I realize with the latest code it's not a huge deal, as the incoming XHTML is changed to HTML by the parser, and then reconverted to XHTML through the XHTMLSerializer. However, we have made some modifications to the code where this does cause us an issue (although we are going to soon revert back to the current release, and implement our code changes outside of AS). So for the meantime, is there some setting we can use to force the parser to follow XHTML/HTML as AS does?
Confidentiality Notice: This electronic mail transmission, including any accompanying attachments, is intended solely for its authorized recipient(s). If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you received this transmission in error, immediately contact the sender and delete the contents and attachments of this message.
Note to recipient: This is an unsecured email service which is not intended for sending confidential or highly sensitive information. Confidential or highly sensitive information includes, but is not limited to, payment card information, social security numbers, and account numbers.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-antisamy