mendix / RestServices

REST service module for Mendix. Supports consuming and publishing REST based services and real-time data synchronization. Supports JSON, form-encoded, multipart and binary data transport.
Apache License 2.0

Validation issues #107

Open fraballi opened 4 years ago

fraballi commented 4 years ago

There are some issues parsing pseudo-selectors, even when the regexps were tested for the expressions. Where would you recommend dealing with this kind of security issue in antisamy.xml?

The selectors were:

    *.cf:after
    *.cf:before
    *:after
    *:before
    input[type="email"]
    input[type="text"]
    input[type="password"]
    input[type="checkbox"]
    input[type="radio"]
    input[type="search"]

Log:

    0 = "The stylesheet had a property, "display", that could not be allowed for security reasons."
    1 = "The stylesheet had a property, "quotes", that could not be allowed for security reasons."
    2 = "The stylesheet had a selector, "*.cf:after", that could not be allowed for security reasons."
    3 = "The stylesheet had a selector, "*.cf:before", that could not be allowed for security reasons."
    4 = "The stylesheet had a selector, "*.cf:after", that could not be allowed for security reasons."
    5 = "The stylesheet had a selector, "*:before", that could not be allowed for security reasons."
    6 = "The stylesheet had a selector, "*:after", that could not be allowed for security reasons."
    7 = "The stylesheet had a selector, "input[type="email"]", that could not be allowed for security reasons."
    8 = "The stylesheet had a selector, "input[type="text"]", that could not be allowed for security reasons."
    9 = "The stylesheet had a selector, "input[type="password"]", that could not be allowed for security reasons."
    10 = "The stylesheet had a selector, "input[type="email"]:focus", that could not be allowed for security reasons."
    11 = "The stylesheet had a selector, "input[type="text"]:focus", that could not be allowed for security reasons."
    12 = "The stylesheet had a selector, "input[type="password"]:focus", that could not be allowed for security reasons."
    13 = "The stylesheet had a selector, "input[type="checkbox"]", that could not be allowed for security reasons."
    14 = "The stylesheet had a selector, "input[type="radio"]", that could not be allowed for security reasons."
    15 = "The stylesheet had a selector, "input[type="search"]", that could not be allowed for security reasons."
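Before editing the policy it helps to know which kind of rule each rejection comes from. The following triage script is an added example, not code from this module or from AntiSamy: it parses rejection messages in the format logged above, de-duplicates them (note that "*.cf:after" is reported twice), and splits them into properties, which AntiSamy allows through its css-rules property allowlist, and selectors grouped by shape, which are checked against the policy's selector regexps. The sample lines are constructed from the log above; the list of pseudo-classes stripped before classification is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the AntiSamy error strings quoted in the issue.
ANTISAMY_LOG = [
    '0 = "The stylesheet had a property, "display", that could not be allowed for security reasons."',
    '2 = "The stylesheet had a selector, "*.cf:after", that could not be allowed for security reasons."',
    '4 = "The stylesheet had a selector, "*.cf:after", that could not be allowed for security reasons."',
    '7 = "The stylesheet had a selector, "input[type="email"]", that could not be allowed for security reasons."',
    '10 = "The stylesheet had a selector, "input[type="email"]:focus", that could not be allowed for security reasons."',
]

# The rejected value may itself contain double quotes (attribute selectors do), so match
# greedily up to the fixed trailer of the message instead of stopping at the next quote.
MESSAGE_RE = re.compile(
    r'The stylesheet had a (?P<kind>property|selector), "(?P<value>.+)", '
    r'that could not be allowed for security reasons\.'
)
# Assumed list of pseudo-classes that ride on an otherwise rejected selector (":focus" above).
PSEUDO_CLASS_RE = re.compile(r':(?:focus|hover|active|visited|link|checked|disabled)$')


def parse_rejections(lines):
    """Return {(kind, value): count} for every line that matches the AntiSamy message format."""
    counts = defaultdict(int)
    for line in lines:
        m = MESSAGE_RE.search(line)
        if m:
            counts[(m['kind'], m['value'])] += 1
    return dict(counts)


def classify_selector(selector):
    """Coarse selector shape, so a reviewer knows which selector rule is being tripped."""
    base = PSEUDO_CLASS_RE.sub('', selector)
    if '[' in base:
        return 'attribute'
    if re.search(r'::?(before|after)$', base):
        return 'pseudo-element'
    if '.' in base:
        return 'class'
    return 'element'


def triage(lines):
    """Split rejections into the property allowlist side and the selector-regexp side of the policy."""
    report = {'properties': set(), 'selectors': defaultdict(set)}
    for (kind, value), _count in parse_rejections(lines).items():
        if kind == 'property':
            report['properties'].add(value)
        else:
            report['selectors'][classify_selector(value)].add(PSEUDO_CLASS_RE.sub('', value))
    return report
```

Running `triage(ANTISAMY_LOG)` reduces the five log lines to one property (`display`) and two base selectors, which is the list to review against the policy rather than the raw, duplicated log.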