Closed GoogleCodeExporter closed 8 years ago
Hi,
This works properly with the following code,
CssScanner scanner = new CssScanner(policy, messages);
CleanResults cr1 = scanner.scanInlineStyle(...)
Cheers!
Original comment by Joyd...@gmail.com
on 6 Mar 2012 at 10:39
What is the exact string value you pass to as.scan()? The string:
" stYle=x:expre/**/ssion(alert(9)) ns="
Is not inherently dangerous unless it is stuck into an existing, quoted, HTML
attribute. This is now how AntiSamy values are intended to be used. AntiSamy
content should be placed between a start and close tag, e.g.:
<div>${antiSamyOutput}</div>
Original comment by arshan.d...@gmail.com
on 29 Mar 2012 at 4:01
Closed due to lack of response.
Original comment by arshan.d...@gmail.com
on 24 Jun 2012 at 5:20
Original issue reported on code.google.com by
Joyd...@gmail.com
on 6 Mar 2012 at 8:59