search

l1183479157 / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
0 stars 0 forks source link

NullPointerException if onUnknownTag set to 'encode' #158

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. set <directive name="onUnknownTag" value="encode"/> in antisamy.xml 
2. run simple scan scan("<im<img src='http://'>", policy)
3. NullPointerException thrown

java.lang.NullPointerException
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.encodeAndPromoteChildren(AntiSamyDOMScanner.java:802)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.encodeTag(AntiSamyDOMScanner.java:314)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.recursiveValidateTag(AntiSamyDOMScanner.java:277)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.processChildren(AntiSamyDOMScanner.java:667)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.processChildren(AntiSamyDOMScanner.java:657)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:157)
    at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:93)

Original issue reported on code.google.com by andreim...@gmail.com on 20 Mar 2013 at 12:03

GoogleCodeExporter commented 9 years ago 
The sample content is "<im<img src='http://'>", using modified antisamy.xml 
from Java\antisamy-sample-configs\src\main\resources\antisamy.xml

Original comment by andreim...@gmail.com on 20 Mar 2013 at 12:09