fmorote / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

incorrect CSS error handling #48

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
ParseExceptions thrown by the batik css parser are not being caught,
instead they cause the cleaner to fail.  The attached patch fixes the
issue, though the error message may need to be updated (and added to all
the localized message bundles)

Original issue reported on code.google.com by sean.bri...@gmail.com on 28 Jul 2009 at 10:10

Attachments:

GoogleCodeExporter commented 9 years ago
batik may also throw a NumberFormatException,

    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
    at java.lang.Long.parseLong(Long.java:403)
    at java.lang.Long.parseLong(Long.java:461)
    at org.apache.batik.css.parser.Parser.parseTerm(Parser.java:959)
    at org.apache.batik.css.parser.Parser.parseExpression(Parser.java:934)
    at org.apache.batik.css.parser.Parser.parseStyleDeclaration(Parser.java:874)
    at org.apache.batik.css.parser.Parser.parseRuleSet(Parser.java:604)
    at org.apache.batik.css.parser.Parser.parseStyleSheet(Parser.java:233)
    at org.owasp.validator.css.CssScanner.scanStyleSheet(CssScanner.java:131)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.recursiveValidateTag(AntiSamyDOMScanner.java:431)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.recursiveValidateTag(AntiSamyDOMScanner.java:372)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.recursiveValidateTag(AntiSamyDOMScanner.java:372)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:173)

The patch attached will handle that as well.

Original comment by sean.bri...@gmail.com on 28 Jul 2009 at 10:42

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by arshan.d...@gmail.com on 3 Aug 2009 at 2:32

GoogleCodeExporter commented 9 years ago
Both the ParseException and NFE are being caught, although I don't suspect the
ParseException can hit that location anymore after fixing related bug #30.

Thanks for the report and the patch!

Original comment by arshan.d...@gmail.com on 3 Aug 2009 at 6:30
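
The failure mode discussed in this thread, as an added example that is not AntiSamy's or Batik's code: a sanitizer has to treat unchecked exceptions from its CSS parser as a validation failure for that style, not as a failure of the whole clean. The parser, the `ParseException` class (modelled as unchecked, an assumption) and all method names below are hypothetical stand-ins, and the inputs are constructed.

```java
import java.util.ArrayList;
import java.util.List;

public class CssFailClosedDemo {

    /** Stand-in for the parser's own exception type (hypothetical). */
    static class ParseException extends RuntimeException {
        ParseException(String msg) { super(msg); }
    }

    /** Stand-in for a third-party CSS parser; not Batik's API. */
    static String parseDeclaration(String css) {
        int colon = css.indexOf(':');
        if (colon < 0) {
            throw new ParseException("expected ':' in declaration");
        }
        String value = css.substring(colon + 1).trim();
        if (value.matches("-?\\d+")) {
            // Long.parseLong throws NumberFormatException when the literal
            // does not fit in a long, the same call seen in the stack trace.
            Long.parseLong(value);
        }
        return css.substring(0, colon).trim() + ": " + value;
    }

    /** Returns the validated style, or "" when the parser rejected it. */
    static String cleanStyle(String css, List<String> errors) {
        try {
            return parseDeclaration(css);
        } catch (ParseException | NumberFormatException e) {
            // Fail closed: drop the style, record why, let the scan continue.
            errors.add("style removed (" + e.getClass().getSimpleName() + "): " + css);
            return "";
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: valid, integer overflow, syntax error.
        String[] samples = {
            "z-index: 10",
            "z-index: 99999999999999999999999",
            "color red"
        };
        List<String> errors = new ArrayList<>();
        for (String s : samples) {
            System.out.println("[" + cleanStyle(s, errors) + "]");
        }
        errors.forEach(System.out::println);
    }
}
```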