rjatkins / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
0 stars 0 forks source link

Does antisamy support style attribute of the image tag #104

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I want to pass image tag with style attribute. I tried several ways but
I could not pass the style attribute of the image tag.

I am using antisamy-bin.1.3.jar. OS is windows xp.

I am getting only one line exception without any further details:
java.lang.IllegalStateException

<img style="width: 79px; height: 85px;" 
src="https://localhost:8443/app/uploadimg/975219641770774_com.jpg">

My antisamy-1.3.xml rules:
<tag-rules>
        <tag name="img" action="validate">
            <attribute name="src" onInvalid="removeTag">
                <regexp-list>
                    <regexp name="onsiteURL"/>
                    <regexp name="offsiteURL"/>
                </regexp-list>
            </attribute>           
                    <attribute name="height"/>
            <attribute name="width"/>
            <attribute name="style"/>
        </tag>
</tag-rules>
<css-rules> 
        <property name="width" description="">
            <category-list>
                <category value="visual"/>
            </category-list>
            <literal-list>
                <literal value="auto"/>
                <literal value="inherit"/>
            </literal-list>
            <regexp-list>
                <regexp name="length"/>
                <regexp name="percentage"/>
            </regexp-list> 
        </property>
        <property name="height" default="auto" description="">
            <category-list>
                <category value="visual"/>
            </category-list>
            <literal-list>
                <literal value="auto"/>
                <literal value="inherit"/>
            </literal-list>
            <regexp-list>
                <regexp name="length"/>
                <regexp name="percentage"/>
            </regexp-list>
        </property>

    </css-rules>

Original issue reported on code.google.com by firoj.bo...@gmail.com on 14 Mar 2011 at 2:12

GoogleCodeExporter commented 9 years ago
Two questions:

1) Your img tag is unclosed. Is it meant to be?
2) Can you try against a more recent version?

Original comment by arshan.d...@gmail.com on 22 Mar 2011 at 12:22

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Sorry for delay reply. I was busy with other projects.

1) Your img tag is unclosed. Is it meant to be?
And: Sorry, I paste it wrongly. The image tag should be 
"<img style="width: 79px; height: 85px;" 
src="https://localhost:8443/app/uploadimg/975219641770774_com.jpg>"

Actually, I have NicEdit (WYSIWYG editor) on the jsp page. The NicEdit created
image tag wihtout closing it.  

2) Can you try against a more recent version?
I tried with recent version of antisamy-1.4.4.jar file but I did not pass the 
style attribute. 

However, I will try to add closing image tag before scanning it against 
antisamy.

Original comment by firoj.bo...@gmail.com on 22 Mar 2011 at 3:16

GoogleCodeExporter commented 9 years ago
It's still missing a quote at the end of the "src" attribute.

Original comment by arshan.d...@gmail.com on 7 Jun 2011 at 5:22

GoogleCodeExporter commented 9 years ago
Since I haven't heard back on this in a few months, I'm guessing it's been 
addressed. Closing.

Original comment by arshan.d...@gmail.com on 23 Aug 2011 at 10:17