VM Out of Memory error

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Try to clean this: <SCRIPT =">" SRC=""></SCRIPT>

This causes an infinite recursion loop and runs the VM out of memory.

Original issue reported on code.google.com by jason.cl...@gmail.com on 15 Dec 2008 at 9:32

[GoogleCodeExporter]

This doesn't appear to work in the latest NekoHTML version 1.9.11 and therefore 
will
be gone by the next minor release. Make sure your NekoHTML is up to date!

Original comment by arshan.d...@gmail.com on 21 Jan 2009 at 7:12

• Changed state: Fixed

[GoogleCodeExporter]

Original comment by arshan.d...@gmail.com on 3 Aug 2009 at 2:45

• Changed state: Verified

[GoogleCodeExporter]

I think this is the same issue, the following string also causes an 
OutofMemoryError:

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

Here is the stack trace:

java.lang.OutOfMemoryError: Java heap space
    at org.apache.xerces.util.XMLStringBuffer.append(Unknown Source)
    at org.cyberneko.html.HTMLScanner$SpecialScanner.scanCharacters(HTMLScanner.java:3011)
    at org.cyberneko.html.HTMLScanner$SpecialScanner.scan(HTMLScanner.java:2845)
    at org.cyberneko.html.HTMLScanner.scanDocument(HTMLScanner.java:877)
    at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:495)
    at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:448)
    at org.cyberneko.html.parsers.DOMFragmentParser.parse(DOMFragmentParser.java:166)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:158)
    at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:89)
    at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:80)

Original comment by lanc...@gmail.com on 8 Sep 2009 at 5:04

[GoogleCodeExporter]

Confirmed that upgrading to nekohtml.jar 1.9.13 fixes this.

Original comment by lanc...@gmail.com on 8 Sep 2009 at 5:18