[owasp-antisamy] AntiSamy not able to figure out the closing tags in custom XML and it's truncating all of its child elements.

manjutimes manjutimes at gmail.com
Mon Jun 29 21:00:46 UTC 2015

We are trying to configure AntiSamy for our project and we came across the
following 2 issues:

1. AntiSamy has an issue scanning custom/project-specific XML:
     For instance, when the message is in the following XML format, it’s not
able to figure out the abbreviated closing tag and thereby it's truncating
all of its child elements.
      The following request and response data shows it all. We are
currently using *antisamy-1.4.4.jar* and have added
*<directive name="onUnknownTag" value="encode"/>* to the RULES XML. Is there
any other directive that we need to include in the RULES XML to get rid of
it? I even tried with *antisamy-1.5.3.jar*, but no luck.

*Request which is passed from UI:*


           <Designator airline="RR" number="7010"/>

           <DateRange end="05/14/2015" start="05/14/2015"/>

           <Frequency days="   4   "/>


*Response that we get back from AntiSamy:*

                <flight> </flight>

2. In the response, AntiSamy is converting all the XML tags to lowercase.
It’s not preserving the “case” of each tag. And there is no configuration
defined to omit such conversion, is there? I saw a similar post
https://lists.owasp.org/pipermail/owasp-antisamy/2008-May/000045.html , but
I didn't find any solution defined for the issue.

Could you please revert back with possible solutions/suggestions? Looking
forward. This is a little urgent.


