[owasp-antisamy] A couple of questions about upgrading

Kristian Rosenvold kristian.rosenvold at gmail.com
Fri Mar 22 11:50:09 UTC 2013


You probably need to turn off html mangling, which seems to have been
made default in 1.4.5 ;)

The Policy.PRESERVE_SPACE setting is your friend.

Kristian


    @Test
    public void testWhitespaceNotBeingMangled() throws ScanException,
PolicyException {
        String test = "<select name=\"name\"><option
value=\"Something\">Something</select>";
        String expected = "<select name=\"name\"><option
value=\"Something\">Something</option></select>";
        Policy preserveSpace = policy.cloneWithDirective(
Policy.PRESERVE_SPACE, "true" );
        CleanResults preserveSpaceResults = as.scan(test,
preserveSpace, AntiSamy.SAX);
        assertEquals( expected, preserveSpaceResults.getCleanHTML() );
    }


2013/3/1 Jacob Coulter <jacob.coulter at gmail.com>:
> We have a factory that creates an Antisamy (v 1.4.1) and were hoping
> to upgrade to 1.5.1.  What happened to Antisamy.java's inputEncoding
> and outputEncoding? How do we set the equivalent values to manage
> these concerns now?
>
> Also, in several of our unit tests we are suddenly getting extra
> spaces wherever we have nested tags.  For instance, after scanning the
> string:  '<select name="name"><option
> value="Something">Something</select>'  We now get : '<select
> name="name"> <option value="Something">Something </select>'   Note the
> 2 extra spaces between the tags and before the closing select.  (The
> lack of closing option tag is not a pertinent part of this example.)
>
> The second issue doesn't seem to be causing pain, but it is
> unexpected.  Anyone else notice this?
>
> Thanks,
>
>   Jacob
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy


More information about the Owasp-antisamy mailing list