Nested attributes cannot be validated

dqw / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

0 stars 0 forks source link

Nested attributes cannot be validated #87

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Nested attributes as 
<a onmouseover=window.location.href="http://www.gmail.com">gotcha</a> should be 
able to be validated.

What version of the product are you using? On what operating system?
AntiSamy Java version 1.4.1 running on Windows XP with JDK 1.4.

Original issue reported on code.google.com by joao.m.g...@gmail.com on 1 Oct 2010 at 3:05

GoogleCodeExporter commented 8 years ago

Can you show the output, what you expect the output to be, and a reason why you 
think it should behave differently?

Original comment by arshan.d...@gmail.com on 6 Oct 2010 at 3:13

Added labels: Priority-Low
Removed labels: Priority-Medium

GoogleCodeExporter commented 8 years ago

It is thought the submitter wanted to be able to validate the JavaScript within 
an event handler, which a large effort for little gain increases the attack 
surface considerably since it involves parsing JavaScript.

Marking as "WontFix" for these reasons.

Original comment by arshan.d...@gmail.com on 15 Nov 2010 at 9:55

Changed state: WontFix
Added labels: Type-Enhancement
Removed labels: Type-Defect