[owasp-antisamy] AntiSamy not able to figure out the closing tags in custom XML and its truncating all of its child elements.

manjutimes manjutimes at gmail.com
Mon Jul 6 19:38:43 UTC 2015


Issue 1: AntiSamy has an issue scanning custom/project-specific XMLs:
We fixed it by adding our project-specific XML tags to <allowed-empty-tags>
in the AntiSamy rules XML.
E.g.:
<allowed-empty-tags>
<literal-list>
<literal value="ackId"/>
<literal value="action"/>
<literal value="ACV"/>









On Tue, Jun 30, 2015 at 7:00 AM, <owasp-antisamy-request at lists.owasp.org>
wrote:

> Message: 1
> Date: Mon, 29 Jun 2015 16:00:46 -0500
> From: manjutimes <manjutimes at gmail.com>
> To: owasp-antisamy at lists.owasp.org
> Subject: [owasp-antisamy] AntiSamy not able to figure out the closing
>         tags in custom XML and its truncating all of its child elements.
> Message-ID:
>         <CAPObgJA614c+7qu62ydG=x5rod2gwUh126Jw0DTOx7=h7LB=
> Ww at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
> We are trying to configure AntiSamy for our project and we came across the
> following 2 issues:
> 1. AntiSamy has an issue scanning custom/project-specific XMLs:
>      For instance, when the message is in the following XML format, it's not
> able to figure out the abbreviated closing tag and thereby it's truncating
> all of its child elements.
>       The following request and response data shows it all. We are
> currently using *antisamy-1.4.4.jar* and have added *<directive
> name="onUnknownTag" value="encode"/>* to RULES XML. Is there any other
> directive that we need to include in RULES XML to get rid of it?  I even
> tried with *antisamy-1.5.3.jar*, but no luck.
>
>
>
> *Request which is passed from UI:*
>
> <Flight>
>
>            <Designator airline="RR" number="7010"/>
>
>            <DateRange end="05/14/2015" start="05/14/2015"/>
>
>            <Frequency days="   4   "/>
>
>   </Flight>
>
>
>
> * Response that we get back from AntiSamy *:
>
>                 <flight> </flight>
>
>
> 2.  In the response, AntiSamy is converting all the XML tags to lowercase.
> It's not preserving the 'case' of each tag.  And there is no configuration
> defined to omit such conversion, do we? I saw a similar post,
> https://lists.owasp.org/pipermail/owasp-antisamy/2008-May/000045.html ,
> but I didn't find any solution defined for the issue.
>
>
> Could you please revert back with possible solutions/suggestions. Looking
> forward. This is a little urgent.
>
>
> Thanks
>
> Manju
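An added example, not part of the original post and not AntiSamy code: a small Python helper that lists every element occurring empty in a sample message and renders the <allowed-empty-tags> section the post describes. The function names are hypothetical, and the sample input is the <Flight> request from the quoted message.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample: the <Flight> request quoted in the message above.
SAMPLE_REQUEST = """<Flight>
  <Designator airline="RR" number="7010"/>
  <DateRange end="05/14/2015" start="05/14/2015"/>
  <Frequency days="   4   "/>
</Flight>"""


def empty_tag_names(xml_text):
    """Names of elements that occur at least once with no children and no text."""
    # Policy tuning should use trusted sample messages only; refuse DTDs so an
    # entity-expansion payload in a sample cannot exhaust memory in the parser.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE not accepted in sample messages")
    names = set()
    for element in ET.fromstring(xml_text).iter():
        has_text = bool((element.text or "").strip())
        if len(element) == 0 and not has_text:
            # Drop a "{namespace}" prefix if ElementTree added one.
            names.add(element.tag.rsplit("}", 1)[-1])
    return sorted(names)


def allowed_empty_tags_block(names):
    """Render the names as an <allowed-empty-tags> section like the one in the post."""
    lines = ["<allowed-empty-tags>", "    <literal-list>"]
    lines += ["        <literal value=%s/>" % quoteattr(name) for name in names]
    lines += ["    </literal-list>", "</allowed-empty-tags>"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(allowed_empty_tags_block(empty_tag_names(SAMPLE_REQUEST)))
```

Review the generated list before merging it into the rules XML, so the allow-list only grows by tags the project actually expects to be empty.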