Closed GoogleCodeExporter closed 9 years ago
This doesn't appear to work in the latest NekoHTML version 1.9.11 and therefore
will
be gone by the next minor release. Make sure your NekoHTML is up to date!
Original comment by arshan.d...@gmail.com
on 21 Jan 2009 at 7:12
Original comment by arshan.d...@gmail.com
on 3 Aug 2009 at 2:45
I think this is the same issue, the following string also causes an
OutofMemoryError:
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Here is the stack trace:
java.lang.OutOfMemoryError: Java heap space
at org.apache.xerces.util.XMLStringBuffer.append(Unknown Source)
at org.cyberneko.html.HTMLScanner$SpecialScanner.scanCharacters(HTMLScanner.java:3011)
at org.cyberneko.html.HTMLScanner$SpecialScanner.scan(HTMLScanner.java:2845)
at org.cyberneko.html.HTMLScanner.scanDocument(HTMLScanner.java:877)
at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:495)
at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:448)
at org.cyberneko.html.parsers.DOMFragmentParser.parse(DOMFragmentParser.java:166)
at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:158)
at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:89)
at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:80)
Original comment by lanc...@gmail.com
on 8 Sep 2009 at 5:04
Confirmed that upgrading to nekohtml.jar 1.9.13 fixes this.
Original comment by lanc...@gmail.com
on 8 Sep 2009 at 5:18
Original issue reported on code.google.com by
jason.cl...@gmail.com
on 15 Dec 2008 at 9:32