[owasp-antisamy] AntiSamy prepends doctype

Troy Doty troy.doty at touchnet.com
Mon Sep 26 09:22:34 EDT 2011


I believe you are referring to the value returned by AntiSamy, and not ESAPI (none of the ESAPI functions would do that, that I know of).

I think the property you are looking for is "omitDoctypeDeclaration", instead of "omitDoctype".

<directive name="omitDoctypeDeclaration" value="true"/>

With that property set, I am not getting the doctype returned with my AntiSamy calls.

Hopefully that helps.

-----Original Message-----
From: owasp-antisamy-bounces at lists.owasp.org [mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Christian Beikov
Sent: Monday, September 26, 2011 8:18 AM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] AntiSamy prepends doctype

I use ESAPI 2.0.1 and the AntiSamy implementation that comes with it
always prepends the html doctype. It just ignores the omitDoctype
parameter in the policy. Is this a bug or do I have missconfigured

Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org

Confidentiality Notice: This electronic mail transmission, including any accompanying attachments, is intended solely for its authorized recipient(s). If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you received this transmission in error, immediately contact the sender and delete the contents and attachments of this message.

Note to recipient: This is an unsecured email service which is not intended for sending confidential or highly sensitive information. Confidential or highly sensitive information includes, but is not limited to, payment card information, social security numbers, and account numbers.

More information about the Owasp-antisamy mailing list