google-code-export / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

Allow verbose logging for improperly formatted tags #165

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Submit <img/src="1"/onerror=alert('XSS')> or <%tag style="width:expression(alert('XSS'))"> to the scan() method
2. Returns <img> and &lt;%tag style=&quot;width:expression(alert('XSS'))&quot;&gt;, respectively, with nothing raised in the getErrorMessages() method

What is the expected output? What do you see instead?
We expected to see an error raised in the getErrorMessages() method, but no error was raised.

What version of the product are you using? On what operating system?
1.5.2 on multiple OSes

Please provide any additional information below.

Original issue reported on code.google.com by dprofan...@gmail.com on 26 Jul 2013 at 2:02
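
A harness for the behaviour reported above, given here as an added example that is not part of the original issue or of the AntiSamy project's code. It runs the two inputs from the report through scan() and flags any result where the output differs from the input while getErrorMessages() is empty. The class name, the helper `changedSilently` and the policy path `antisamy.xml` are assumptions.

```java
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

public class SilentCleanCheck { // hypothetical class name

    // The two inputs quoted in the issue report.
    static final String[] INPUTS = {
        "<img/src=\"1\"/onerror=alert('XSS')>",
        "<%tag style=\"width:expression(alert('XSS'))\">"
    };

    /** True when the sanitizer changed the input but reported no error. */
    static boolean changedSilently(String input, CleanResults cr) {
        boolean changed = !input.equals(cr.getCleanHTML());
        return changed && cr.getErrorMessages().isEmpty();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a policy file named antisamy.xml in the working directory.
        Policy policy = Policy.getInstance("antisamy.xml");
        AntiSamy antiSamy = new AntiSamy();

        for (String input : INPUTS) {
            CleanResults cr = antiSamy.scan(input, policy);
            System.out.println("input : " + input);
            System.out.println("clean : " + cr.getCleanHTML());
            System.out.println("errors: " + cr.getErrorMessages());
            if (changedSilently(input, cr)) {
                // Caller-side fallback: record the modification itself,
                // because getErrorMessages() gave nothing to log.
                System.out.println("WARN  : input was modified with no error message");
            }
        }
    }
}
```

The input/output comparison also fires on harmless normalization of well-formed markup, so it works as a logging signal for review and not as a verdict on the input.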