jeff377 / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
0 stars 0 forks source link

Cleaning a fragment without markup results in a clean fragment, not an entire html document #57

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Using the antisamy-1.3.xml policy file, clean the string "Hello world!".

What is the expected output? What do you see instead?
I expected a full HTML document, including html and body tags.
Instead, I see just the original string (Hello world!).

What version of the product are you using? On what operating system?
AntiSamy 1.3 on Windows XP.

Please provide any additional information below.
I'm using the latest nekohtml.jar file from CyberNeko, version 1.9.13.

Original issue reported on code.google.com by danr...@gmail.com on 16 Oct 2009 at 5:29

GoogleCodeExporter commented 8 years ago
What you're looking for is not AntiSamy's design. The majority of our users 
take the
input and stick into a portion of a web page, and thus require a fragment 
rather than
a full body.

You can accomplish your use case by running your input through NekoHTML Before
running it through AntiSamy, however. This will cause NekoHTML to be run twice 
in the
process, which although not ideal is not a huge hit.

Original comment by arshan.d...@gmail.com on 24 Nov 2009 at 3:14