[owasp-antisamy] AntiSamy preserveComments directive

Troy Doty troy.doty at touchnet.com
Fri Mar 2 15:07:30 UTC 2012

I actually posted this for issue 41 (http://code.google.com/p/owaspantisamy/issues/detail?id=41), but I thought sending this out on the mailing list might get more exposure.  I'm also a bit confused because issue 41 was marked as "WontFix" but the documentation now states that there is a directive to accomplish what is wanted in this issue.

From my issue 41 comment:

"Forgive me if I'm missing something obvious here...

I cannot get comments to be output, even with the preserveComments directive.  Upon further investigation, the BaseMarkupSerializer seems to ignore the comment (basically it writes it to the preRoot, but because it's the fragment that is being serialized, it never writes the preRoot's contents).  Can someone provide an example of HTML where the comments are being preserved (assuming the directive has been set)?"

And to clarify further, it appears that preserveComments is being used, and will keep the comment before it sends it to the serializer, but the serializer itself fails to write it out to the StringWriter.

The code seems to be the same for 1.4.4 and 1.4.5 (concerning this matter), but I tested in both and could not get comments to be preserved in the clean output.


