[owasp-antisamy] Guidance on setting the maxInputSize

Jacob Coulter jacob.coulter at gmail.com
Wed Apr 18 21:52:33 UTC 2012


Hi,

  I'm new to the list and attempted to search the archives but I've not had
much luck.

  We have a site that renders back a large html page and it's failing
because it exceeds the maxInputSize.  Before just changing this value, I
thought I'd ask for guidance on the purpose of this value.

Specifically, is there some type of known attack that results in an html
string with an exceedingly large number of bytes that this is intended to
prevent?

If it's not intended to prevent an attack, is this limit due to concerns
for resource utilization and performance?

If neither, what is the intended purpose of this value?

I'm trying to understand its original intent so I can understand what risks
I'm taking when I make that value larger.

Thanks,

  ~ Jacob Coulter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-antisamy/attachments/20120418/69612c62/attachment.html>


More information about the Owasp-antisamy mailing list