What steps will reproduce the problem?
1. Submit <img/src="1"/onerror=alert('XSS')> or <%tag
style="width:expression(alert('XSS'))"> to the scan() method
2. Returns <img> and <%tag
style="width:expression(alert('XSS'))">, respectively, with
nothing raised in getErrorMessages() method
What is the expected output? What do you see instead?
We expected to see an error raised in getErrorMessages() method, but no error
was raised.
What version of the product are you using? On what operating system?
1.5.2 on multiple OSes
Please provide any additional information below.
Original issue reported on code.google.com by dprofan...@gmail.com on 26 Jul 2013 at 2:02
Original issue reported on code.google.com by
dprofan...@gmail.comon 26 Jul 2013 at 2:02