Shiva6780 / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

antisamy strips tag with mismatched quotes but does not report error #131

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. scan a document with text:
     hello <iframe src="https://www.google.com/'></frame> world
2. make sure that you use mismatching quotes, double and single, to surround src
3.

What is the expected output? What do you see instead?
it should return "hello world" and cleanResults.getErrorMessages() should have
one error message

What version of the product are you using? On what operating system?
1.4.4

Please provide any additional information below.

Original issue reported on code.google.com by arthur....@gmail.com on 21 Mar 2012 at 8:01

GoogleCodeExporter commented 8 years ago
This is due to the error being a parsing exception.  Please see issue 105 
(http://code.google.com/p/owaspantisamy/issues/detail?id=105).

As has been suggested, ensure that you are always returning the cleaned results 
and not relying on the getErrorMessages to determine if the dirty is valid or 
not.

Original comment by tad...@gmail.com on 2 Apr 2012 at 7:08
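
The advice in the comment above, shown as an added example that is not part of the original thread or the AntiSamy project's own code: a caller that trusts `getErrorMessages()` next to one that always emits the cleaned output. It assumes the AntiSamy jar is on the classpath and a policy file exists at the hypothetical path `antisamy-policy.xml`; the class and method names are also hypothetical.

```java
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class SanitizeComment {
    // Assumption: location of the application's AntiSamy policy file.
    private static final String POLICY_PATH = "antisamy-policy.xml";

    // Anti-pattern: an empty error list is taken as proof that the input is
    // valid, and the ORIGINAL string is emitted. As reported in this issue,
    // markup removed during parsing produces no error message, so such input
    // would pass this check untouched.
    static String renderTrustingErrors(AntiSamy as, Policy policy, String dirty)
            throws ScanException, PolicyException {
        CleanResults cr = as.scan(dirty, policy);
        if (cr.getNumberOfErrors() == 0) {
            return dirty; // unsanitized input reaches the page
        }
        throw new IllegalArgumentException("input rejected by policy");
    }

    // Recommended: always emit the cleaned HTML. Error messages are used only
    // for logging or user feedback, never as the validity decision.
    static String renderCleaned(AntiSamy as, Policy policy, String dirty)
            throws ScanException, PolicyException {
        CleanResults cr = as.scan(dirty, policy);
        if (cr.getNumberOfErrors() > 0) {
            System.err.println("AntiSamy reported: " + cr.getErrorMessages());
        }
        return cr.getCleanHTML();
    }

    public static void main(String[] args) throws Exception {
        Policy policy = Policy.getInstance(POLICY_PATH);
        AntiSamy as = new AntiSamy();

        // Input from the issue report: src opens with a double quote and
        // closes with a single quote.
        String dirty = "hello <iframe src=\"https://www.google.com/'></frame> world";

        System.out.println(renderCleaned(as, policy, dirty));
    }
}
```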