[owasp-antisamy] Not Considered as Vulnerable Script
jason.li at owasp.org
Mon Mar 11 16:43:21 UTC 2013
AntiSamy is intended to be an HTML validator, not a cross-site scripting
The snippet you provide by itself does not by itself result in any
cause the snippet to execute.
The intended use case for AntiSamy is a situation where an application must
accept raw, untrusted HTML in a safe way. AntiSamy validates such input
against a whitelist of safe HTML/CSS.
Hope that clears things up!
On Monday, March 11, 2013, Suhas N Gogate wrote:
> When I gave Input as *-1%22%2Balert%281214%29%2B%22*' it is not
> considered as XSS Script in antisamy. Please suggest me how to resolve this
> Thanks and Regards,
> Suhas Gogate N
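An added illustration of the point in the reply above, not code from AntiSamy or from either poster: the input from the question, once URL-decoded, contains no HTML markup for an HTML validator to act on, and it is made inert by encoding it for the context it is written into. The helper functions and the three context names are hypothetical, written for this example.

```javascript
// Added example. The helpers below are hypothetical and written for this note;
// they are not AntiSamy APIs.

// Input from the question (the text between the asterisks), URL-decoded.
const RAW = "-1%22%2Balert%281214%29%2B%22";
const decoded = decodeURIComponent(RAW); // -1"+alert(1214)+"

// An HTML allowlist validator acts on tags and attributes. Crude check for
// whether the value contains any markup at all.
function containsHtmlMarkup(s) {
  return /[<>]/.test(s);
}

// Encoder for HTML element content and quoted attribute values.
function encodeForHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encoder for a value placed inside a quoted JavaScript string literal:
// everything except ASCII letters and digits becomes an escape sequence.
function encodeForJsString(s) {
  return Array.from(String(s), (ch) => {
    if (/^[A-Za-z0-9]$/.test(ch)) return ch;
    const hex = ch.codePointAt(0).toString(16).toUpperCase();
    if (hex.length <= 2) return "\\x" + hex.padStart(2, "0");
    if (hex.length <= 4) return "\\u" + hex.padStart(4, "0");
    return "\\u{" + hex + "}";
  }).join("");
}

// Render the value into each output context with the matching encoder.
function render(context, value) {
  switch (context) {
    case "html-body": return "<p>" + encodeForHtml(value) + "</p>";
    case "html-attr": return '<input value="' + encodeForHtml(value) + '">';
    case "js-string": return 'var id = "' + encodeForJsString(value) + '";';
    default: throw new Error("no encoder defined for context: " + context);
  }
}

console.log("markup present:", containsHtmlMarkup(decoded));
for (const ctx of ["html-body", "html-attr", "js-string"]) {
  console.log(ctx.padEnd(10), render(ctx, decoded));
}
```

In the `js-string` output the double quotes arrive as `\x22`, so the value stays inside the string literal; an HTML validator would have passed the same value through unchanged because it contains no tags.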