[owasp-antisamy] Problems of using antisamy file i downloaded from OWASP

Troy Doty troy.doty at touchnet.com
Mon Jun 25 13:45:17 UTC 2012


Can you please list the problem you are having?  Getting an error or some sort?  Exception?  Unexpected behavior?

Is the policy file at the path you are giving?  Make sure to double check (as simple as it sounds).  Did you make any changes to the policy file after pulling it down from the AntiSamy site?

The policy file can be wherever you'd like, as long as you specify its actual location to the Policy constructor.

Not sure what you mean by you are "not sure how to use this for the ESAPI validator".  What are you trying to do with the validator?

________________________________
From: owasp-antisamy-bounces at lists.owasp.org [mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Junyuan Tan
Sent: Sunday, June 24, 2012 10:44 AM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] Problems of using antisamy file i downloaded from OWASP

i downloaded the owasp antisamy to prevent XSS attacks

however, i have few problems referencing the policy xml file in the java<http://www.javaranch.com/> code
one of which is
view plain<http://www.coderanch.com/t/584363/JSP/java/Doing-server-side-validation-jsp>copy to clipboard<http://www.coderanch.com/t/584363/JSP/java/Doing-server-side-validation-jsp>print<http://www.coderanch.com/t/584363/JSP/java/Doing-server-side-validation-jsp>?<http://www.coderanch.com/t/584363/JSP/java/Doing-server-side-validation-jsp>
1.     Policy policy = Policy.getInstance("C:/Documents and Settings/xxx/Desktop/Jars/Antisamy/antisamy-anythinggoes-1.4.4.xml");


asked around and searched but i tried and is still stuck at this step.
not very sure the xml files must be in a certain location

Iam also not sure how to use this for the ESAPI validator too

[COMTEC 2012 Register Now]<http://www.touchnet.com/comtec/>

________________________________


Confidentiality Notice:

This electronic mail transmission, including any accompanying attachments, is intended solely for its authorized recipient(s). If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you received this transmission in error, immediately contact the sender and delete the contents and attachments of this message.

Note to recipient: This is an unsecured email service which is not intended for sending confidential or highly sensitive information. Confidential or highly sensitive information includes, but is not limited to, payment card information, social security numbers, and account numbers.

________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-antisamy/attachments/20120625/b7a6763c/attachment.html>


More information about the Owasp-antisamy mailing list