andresriancho / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
12 stars 15 forks source link

Null character check #119

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

We are using antisamy policy antsamy-tinymce.xml and found that it  does not 
block null character  and is vulnerable to XSS attacks.

Can you please advice how we can prevent null characters.

regards,
Vijay

Original issue reported on code.google.com by reach.vi...@gmail.com on 3 Nov 2011 at 12:59

GoogleCodeExporter commented 9 years ago
What is your input and expected output? How is it vulnerable? Where are the 
null bytes? What are your system specs? Please fill out a valid bug report and 
we'd love to hear about it.

Original comment by arshan.d...@gmail.com on 9 Dec 2011 at 5:02

GoogleCodeExporter commented 9 years ago
No action after 60 days. Closing.

Original comment by arshan.d...@gmail.com on 19 Feb 2012 at 1:57