[owasp-antisamy] XHTML/HTML setting

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Thu Jun 16 09:44:05 EDT 2011


There isn't anything in AntiSamy like that. If you use the DOM engine,
there might be a NekoHTML setting that you can use; my quick glance
doesn't show much, but I would give it a closer look [1]. If you find
one, you could add that feature/set that property in your fork.

[1] http://nekohtml.sourceforge.net/settings.html

 

From: owasp-antisamy-bounces at lists.owasp.org
[mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Troy Doty
Sent: Thursday, June 16, 2011 9:32 AM
To: 'owasp-antisamy at lists.owasp.org'
Subject: [owasp-antisamy] XHTML/HTML setting

 

I realize that there is a setting in the policy that can set the cleaned
output from AS to either XHTML or HTML.  However, is there also a
setting to have the underlying parser parse for XHTML or HTML?  For
example, the DOMFragmentParser that is used for the AntiSamyDOMScanner,
is there a way to set that to parse (and return) XHTML?  I realize with
the latest code it's not a huge deal, as the incoming XHTML is changed
to HTML by the parser, and then reconverted to XHTML through the
XHTMLSerializer.  However, we have made some modifications to the code
where this does cause us an issue (although we are going to soon revert
back to the current release, and implement our code changes outside of
AS).  So for the meantime, is there some setting we can use to force the
parser to follow XHTML/HTML as AS does?

 

Thanks  
