andresriancho / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

org.owasp.validator.html.ScanException: javax.xml.transform.TransformerException: java.lang.IllegalStateException #168

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Add the following in antisamy.xml
     <tag name="span" action="validate">
       <attribute name="style">
         <regexp-list>
           <regexp name="anything"/>
         </regexp-list>
       </attribute>
     </tag>

2. String dirtyInput = "<span style = \"font-size:10pt;\" >paragraph</span>";

ERROR:  ''
org.owasp.validator.html.ScanException: 
javax.xml.transform.TransformerException: java.lang.IllegalStateException
    at org.owasp.validator.html.scan.AntiSamySAXScanner.scan(AntiSamySAXScanner.java:135)
    at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:101)
    at com.tibbr.antisamy.TibbrAntisamy.getCleancontent(TibbrAntisamy.java:28)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(JavaMethod.java:470)
    at org.jruby.javasupport.JavaMethod.invokeDirect(JavaMethod.java:328)
    at org.jruby.java.invokers.InstanceMethodInvoker.call(InstanceMethodInvoker.java:71)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:346)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:204)
    at org.jruby.ast.CallTwoArgNode.interpret(CallTwoArgNode.java:59)
    at org.jruby.ast.LocalAsgnNode.interpret(LocalAsgnNode.java:123)
    at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
    at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
    at org.jruby.ast.RescueNode.executeBody(RescueNode.java:224)
    at org.jruby.ast.RescueNode.interpret(RescueNode.java:119)
    at org.jruby.ast.BeginNode.interpret(BeginNode.java:83)
    at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
    at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)
    at org.jruby.evaluator.ASTInterpreter.INTERPRET_METHOD(ASTInterpreter.java:75)
    at org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:182)
    at org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:188)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:326)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
    at org.jruby.ast.CallOneArgNode.interpret(CallOneArgNode.java:57)
    at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
    at org.jruby.ast.RootNode.interpret(RootNode.java:129)
    at org.jruby.evaluator.ASTInterpreter.INTERPRET_EVAL(ASTInterpreter.java:96)
    at org.jruby.evaluator.ASTInterpreter.evalWithBinding(ASTInterpreter.java:175)
    at org.jruby.RubyKernel.evalCommon(RubyKernel.java:1103)
    at org.jruby.RubyKernel.eval(RubyKernel.java:1061)
    at org.jruby.RubyKernel$INVOKER$s$0$3$eval.call(RubyKernel$INVOKER$s$0$3$eval.gen)
    at org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:179)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:296)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:72)
    at org.jruby.ast.FCallManyArgsNode.interpret(FCallManyArgsNode.java:60)
    at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
    at org.jruby.evaluator.ASTInterpreter.INTERPRET_METHOD(ASTInterpreter.java:75)
    at org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:112)
    at org.jruby.internal.runtime.methods.InterpretedMethod.call(InterpretedMethod.java:126)
    at org.jruby.internal.runtime.methods.DefaultMethod.call(DefaultMethod.java:163)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:296)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:72)
    at org.jruby.ast.CallManyArgsNode.interpret(CallManyArgsNode.java:59)
    at org.jruby.ast.FCallOneArgNode.interpret(FCallOneArgNode.java:36)
    at org.jruby.ast.NewlineNode.interpret(NewlineNode.java:105)
    at org.jruby.ast.BlockNode.interpret(BlockNode.java:71)

What is the expected output? What do you see instead?
  <span style = "font-size:10pt;" >paragraph</span>

What version of the product are you using? On what operating system?
antisamy-1.5.3
nekohtml-1.9.6
batik-1.5-fop-0.20-5
xercesImpl-2.9.1

Please provide any additional information below.

Original issue reported on code.google.com by abbhishekshet on 2 Sep 2013 at 8:04

GoogleCodeExporter commented 9 years ago
Hi,
Can someone please tell me what workaround I can use? This is a blocker in my application, as end users are not able to post anything on the website.

Original comment by abbhishekshet on 30 Sep 2013 at 7:21

GoogleCodeExporter commented 9 years ago
Hi All,
I fixed this issue by just replacing the dependent jars with the latest ones, and it disappeared. This issue can be marked closed.

Use these jars as dependencies for antisamy.jar (1.5):

xercesImpl.jar
xml-apis.jar
nekohtml.jar
sac.jar
commons-httpclient-3.1.jar

Batik 1.7: batik-css.jar, batik-util.jar, xml-apis-ext.jar

Original comment by abbhishekshet on 30 Sep 2013 at 11:39
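
A classpath check for the dependency mismatch described in this thread, added here as an example; it is not code from the AntiSamy project or from any commenter. The class name `ClasspathOrigins` and the probe list (one representative class per jar named above) are assumptions.

```java
import java.io.IOException;
import java.net.URL;
import java.util.Collections;
import java.util.List;
import javax.xml.transform.TransformerFactory;

/** Added diagnostic, not AntiSamy code: lists every location that supplies each dependency. */
public class ClasspathOrigins {

    // Assumed probe list: one representative class per jar named in the thread.
    static final String[] PROBES = {
        "org.owasp.validator.html.AntiSamy",        // antisamy.jar
        "org.apache.xerces.parsers.SAXParser",      // xercesImpl.jar
        "org.cyberneko.html.parsers.SAXParser",     // nekohtml.jar
        "org.apache.batik.css.parser.Parser",       // batik-css.jar
        "org.apache.batik.util.ParsedURL",          // batik-util.jar
        "org.w3c.css.sac.InputSource",              // sac.jar
        "org.w3c.dom.Node",                         // xml-apis.jar or the JDK
        "org.apache.commons.httpclient.HttpClient"  // commons-httpclient-3.1.jar
    };

    /** Every location that can supply className; the first entry is the one normally loaded. */
    static List<URL> copiesOf(String className, ClassLoader cl) throws IOException {
        String resource = className.replace('.', '/') + ".class";
        return Collections.list(cl.getResources(resource));
    }

    static void report(String className, ClassLoader cl) throws IOException {
        List<URL> copies = copiesOf(className, cl);
        if (copies.isEmpty()) {
            System.out.println("MISSING   " + className);
            return;
        }
        System.out.println((copies.size() > 1 ? "DUPLICATE " : "ok        ") + className);
        for (URL u : copies) {
            System.out.println("            " + u);
        }
    }

    public static void main(String[] args) throws IOException {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        for (String name : PROBES) {
            report(name, cl);
        }
        // The failure surfaced as a TransformerException, so also report
        // which JAXP transformer implementation is actually selected.
        report(TransformerFactory.newInstance().getClass().getName(), cl);
    }
}
```

Run it with the same classpath as the application. A `DUPLICATE` line means more than one jar supplies that class, which is the situation to rule out before comparing jar versions.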

GoogleCodeExporter commented 9 years ago
How are/were you managing dependencies? Were you getting this exception using the jars specified in the pom.xml?

Original comment by tad...@gmail.com on 30 Dec 2013 at 3:29