google-code-export / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
1 stars 1 forks source link

Empty textarea tag should not be self closed #170

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Used the "low-security-policy.xml". Provided as attachment.
2. scan the text "<textarea></textarea>"

Output is "<textarea/>"
But output should be "<textarea></textarea>"

Used antisamy-1.5.2.jar on Windows 7.

Original issue reported on code.google.com by chaitany...@vidyayug.com on 19 Dec 2013 at 1:08

Attachments:

GoogleCodeExporter commented 9 years ago
Hi All,

I have also problem ,Now what is the solution for this one.

Thanks i advance.

Original comment by nareshre...@gmail.com on 27 Dec 2013 at 11:04

GoogleCodeExporter commented 9 years ago
These two are equivalent, what is the problem?

Original comment by tad...@gmail.com on 30 Dec 2013 at 3:24

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
As for my knowledge textarea is not self closing tag,it should have a starting 
tag and ending tag like <textarea></textarea>.
so its not correct as for html syntax.

http://stackoverflow.com/questions/5665833/textarea-tag-swallows-html

Original comment by naresh.k...@vidyayug.com on 2 Jan 2014 at 4:48

GoogleCodeExporter commented 9 years ago
Actually i came to know that  the anti-samy code allows html code like 
<textarea id="forcesTextareaId"/> and then should convert to safe html like 
<textarea id="forcesTextareaId"></textarea> 
i think i have to  write the tag rules for textarea tag, so can any one please 
suggest me how to write the tag rules in policy file or alternative for this 
issue.

Original comment by naresh.k...@vidyayug.com on 7 Jan 2014 at 2:14

GoogleCodeExporter commented 9 years ago
Hi,

I found a solution for the above issue :

just remove <literal value="textarea"/> from policy file, now its working.

Original comment by naresh.k...@vidyayug.com on 11 Jan 2014 at 4:59