goodcui / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

AntiSamy validation with SAX parser not closing empty tags #116

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run AntiSamy using the SAX parser on any HTML that has empty tags, i.e. <img src="http://foo.com/pic.gif" />

What is the expected output? What do you see instead?
The img tag should still be closed, but instead it is changed to <img src="http://foo.com/pick.gif> without the ending "/".

What version of the product are you using? On what operating system?
JDK 1.6, Mac OS X (1.6.8), AntiSamy 1.4.4

Please provide any additional information below.
I have attached unit test, policy, and input html to show the issue.

Original issue reported on code.google.com by arthur....@gmail.com on 3 Aug 2011 at 9:01

GoogleCodeExporter commented 9 years ago
Forgot to include this information:

This problem does not exist in the DOM parser as far as I can tell.

Original comment by arthur....@gmail.com on 3 Aug 2011 at 9:27

GoogleCodeExporter commented 9 years ago
I took a look at the source code from /tags/Java/antisamy-project-1.4.4 
(latest release) to see if I can fix this.

I found that AntiSamySAXScanner does not honor the "useXHTML" flag in the 
policy files.  So when it is creating the transformer it is always using "HTML" 
output instead of "XML" when "useXHTML" is true.

I made a patch that fixes the issue.  However there are failures when I run the 
unit tests and I don't know enough about the tests to make changes to them.

I have attached the patch for AntiSamySaxScanner. If someone can apply this and 
update the test cases, that would be greatly appreciated.

Original comment by arthur....@gmail.com on 4 Aug 2011 at 7:50

GoogleCodeExporter commented 9 years ago
Fixed in HEAD. Thanks! The XHTML directive was ignored in SAX, unfortunately.

Original comment by arshan.d...@gmail.com on 14 Sep 2011 at 8:55
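
The difference between the "HTML" and "XML" transformer output methods discussed in this thread can be reproduced with the JDK's own JAXP serializer. This is an added example, not AntiSamy's code or the attached patch; the class name, the helper names and the mapping from a useXHTML boolean to an output method are assumptions for illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class OutputMethodDemo {

    // Hypothetical stand-in for the policy's useXHTML directive.
    static String outputMethodFor(boolean useXHTML) {
        return useXHTML ? "xml" : "html";
    }

    // Run an identity transform and serialize with the given JAXP output method.
    static String serialize(String markup, String method) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.METHOD, method);
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(markup)), new StreamResult(out));
        return out.toString();
    }

    // True if a strict XML parser accepts the serialized output.
    static boolean isWellFormedXml(String markup) throws Exception {
        try {
            SAXParserFactory.newInstance().newSAXParser()
                .parse(new InputSource(new StringReader(markup)), new DefaultHandler());
            return true;
        } catch (SAXException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, based on the tag in the report.
        String input = "<div><img src=\"http://foo.com/pic.gif\" /></div>";
        for (boolean useXHTML : new boolean[] {false, true}) {
            String out = serialize(input, outputMethodFor(useXHTML));
            System.out.printf("useXHTML=%b -> %s (well-formed XML: %b)%n",
                useXHTML, out, isWellFormedXml(out));
        }
    }
}
```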