<div dir="ltr"><span style="font-size:12.8px">Hi,</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">  We have implemented Antisamy for our application to escape html tags in user inputs. Recent security testing on IE9 browser with input value as <span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px"><b><%/onmouseover=prompt(1)> </b>is resulting user to prompt for user input onmouse over. I have gone through Antisamyprofile.xml file and couldn't find any option as how to escape these arbitrary tags, i event tried with below directive but didn't help</span></div><div style="font-size:12.8px"><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px"><br></span></font></div><div style="font-size:12.8px"><pre style="white-space:pre-wrap;color:rgb(0,0,0)"><directive name="onUnknownTag" value="remove"/></pre><div>Can some one help me in this regard as what property setting needs to be done to remove this tag.</div></div><div><br></div><div>Thanks,</div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div><b><span lang="EN-US" style="font-size:14pt;line-height:115%;font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-repeat:initial">Phani Kanakamedala<span style="color:rgb(0,164,217)"><br>
</span></span></b><span lang="EN-US" style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-repeat:initial">Architect <b><span style="color:rgb(166,166,166)">|</span></b>
Model N</span><span lang="EN-US" style="font-size:10pt;line-height:115%;font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-repeat:initial"> <b><br>
<span style="color:rgb(255,131,0)">O: </span></b>+<font color="#0000ff">91 40 45465540</font>   <b><span style="color:rgb(255,131,0)">M: </span></b><font color="#0000ff">+91 9000666251</font><span><br>
</span>8<sup>th</sup> Floor, Block-3, DLF Cyber City, Gachibowli, Hyderabad, India</span></div><div><span lang="EN-US" style="font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:13.3333px;line-height:15.3333px"><img src="http://67c14986c3ef8d502360-d8749327540876c71e5c4ca21b7c3734.r20.cf5.rackcdn.com/Modeln_Logo_small.png"><br></span>
<br>
</span></div></div></div></div></div></div></div></div></div></div></div></div>
</div>

<br>
<span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">------------------------------<wbr>-------------</span><br style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)"><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">NOTICE:</span><br style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)"><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">This email and all attachments may contain information that is </span><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">confidential, private or protected by attorney-client privilege. If you </span><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">believe that you are not an intended recipient, please do not copy, </span><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">forward, or rely on the contents of this email in any way. Please notify </span><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">the sender and delete or destroy any copy of this email and its </span><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">attachments. Sender reserves and asserts all rights to confidentiality, </span><span style="color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;background-color:rgb(255,255,255)">including all privileges that may apply.</span>