[owasp-antisamy] Is it possible to use AntiSamy and keep code in pre/code tags intact?

Jason Li jason.li at owasp.org
Wed Sep 21 01:24:43 EDT 2011


One way that you could potentially make this behavior is to leverage the
"onUnknownTag" directive.

Using this directive, if a tag is not known (i.e. not explicitly in the
policy file), it will HTML-encode the tag.

You could remove the script tag from the policy file, hypothetically causing
such "unknown" tags to be encoded rather than removed.

Note that I'm not certain off the top of my head if the new current release
still supports this directive or if this strategy would work safely and
accomplish your goal.


On Tue, Sep 20, 2011 at 4:18 PM, Mohamad El-Husseini <husseini.mel at gmail.com> wrote:

> Hi everyone!
> I want to use AntiSamy to allow users to post code snippets and other
> things. Is it possible to customize AntiSamy to allow script tags that are
> nested in code/pre tags?
> I want to use it in a similar capacity to Stack Overflow: they allow most
> basic HTML, including any tags found inside pre/code tags.
> AntiSamy strips such tags regardless. Is AntiSamy the right tool for what
> I'm trying to do? Any advice would be appreciated.
> Thank you.
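The policy change suggested in the reply above, as an added example (not part of the original thread and not AntiSamy's shipped policy). It assumes the standard AntiSamy policy file layout with the `encode` value for `onUnknownTag`, and a `script` rule like the one shown commented out; the other sections of the policy are elided. The directive is policy-wide, so unknown tags are encoded everywhere in the input, not only inside pre/code.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed fragment of an AntiSamy policy file; sections not
     relevant to the reply are elided and must be kept from your
     existing policy. -->
<anti-samy-rules>

  <directives>
    <!-- Default behaviour for a tag with no rule is removal.
         "encode" HTML-encodes the tag instead, so it is rendered
         as text and not interpreted as markup. -->
    <directive name="onUnknownTag" value="encode"/>
  </directives>

  <!-- common-regexps, common-attributes, global-tag-attributes,
       css-rules, etc. unchanged -->

  <tag-rules>
    <!-- Assumption: the existing policy has an explicit rule such as
         the one below. While it is present, "script" is a known tag
         and is stripped. Deleting the rule makes "script" unknown,
         so the directive above applies to it.

         <tag name="script" action="remove"/>
    -->

    <!-- pre and code stay as known, allowed tags. -->
    <tag name="pre" action="validate"/>
    <tag name="code" action="validate"/>
  </tag-rules>

</anti-samy-rules>
```

With this change the policy no longer names `script` at all, so the encoding directive is the only control left for it; check the sanitized output of a test snippet on the AntiSamy release you deploy before relying on it.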