Open GoogleCodeExporter opened 9 years ago
My updates which fix the defect... source modified came from trunk.
DefaultSecurityConfiguration.java is optional... it allows the
antisamy-esapi.xml to be loaded from the classpath.
Original comment by phillipr...@gmail.com
on 28 Dec 2010 at 6:40
Updated the attached HTMLValidationRule.java to handle the allowNull case:
```java
/**
 * {@inheritDoc}
 */
@Override
public boolean isValid( String context, String input ) {
    try {
        CleanResults results = invokeAntiSamy( context, input );
        if (results == null) {
            if (allowNull) {
                return true;
            } else {
                // Shouldn't happen as ValidationException will be thrown but just in case invokeAntiSamy changes
                return false;
            }
        }
        return results.getErrorMessages().isEmpty();
    } catch (ValidationException ve) {
        return false;
    }
}
```
Original comment by phillipr...@gmail.com
on 28 Dec 2010 at 9:57
Hi,
Is it changed/fixed in the ESAPI 2.0.1 final release? We are planning to use
AntiSamy with ESAPI in our project and I need information if we will get error
results too.
Original comment by shilpi.a...@gmail.com
on 9 Aug 2012 at 8:46
I don't know if it's changed in 2.0.1. I built my own ESAPI with the
fix at my last job. Recently I just used AntiSamy alone to do HTML
validation or purification. I think it's a little simpler, as ESAPI
is just a pass-through for that feature. I posted the code patch needed
to fix it in my bug report. Good luck.
Original comment by phillipr...@gmail.com
on 10 Aug 2012 at 3:25
Thanks for your input Phillip.
Original comment by shilpi.a...@gmail.com
on 10 Aug 2012 at 3:44
+1 on getting the classpath loading fixed. These inconsistencies make it harder
for folks to get the library working for eval.
Original comment by pafri...@gmail.com
on 17 Aug 2012 at 8:38
+1 These are exactly the two issues I encountered when trying to use ESAPI
2.1.0, I hope this will get some priority, especially the method
"isValidSafeHTML" is really confusing - it's actually saying that
"<script>alert(1)</script>" is *valid* and *safe* HTML.
Original comment by bre...@gmail.com
on 27 Nov 2013 at 5:59
+1 Tried to use isValidSafeHTML with ESAPI 2.1.0 and got stuck with the following
exception. Any resolution?
```
Caused by: org.owasp.esapi.errors.ConfigurationException: Couldn't find antisamy-esapi.xml
at org.owasp.esapi.reference.validation.HTMLValidationRule.<clinit>(HTMLValidationRule.java:55)
... 31 more
```
Original comment by rushabhd...@gmail.com
on 8 Jan 2014 at 7:51
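Added example (not from the thread and not ESAPI's own code): the two behaviours discussed above, done with AntiSamy directly. The policy is loaded from the classpath, and input counts as valid only when the scan reports no errors, which is kept separate from sanitizing. The class `StrictHtmlCheck` and its method names are hypothetical; it assumes the AntiSamy jar and an `antisamy-esapi.xml` policy file are on the classpath.

```java
import java.io.InputStream;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public final class StrictHtmlCheck {
    private static final String POLICY_RESOURCE = "antisamy-esapi.xml";
    private final Policy policy;

    public StrictHtmlCheck() throws PolicyException {
        // Resolve the policy through the class loader instead of a fixed
        // file-system path, so it is found inside a jar or war as well.
        InputStream in = Thread.currentThread().getContextClassLoader()
                .getResourceAsStream(POLICY_RESOURCE);
        if (in == null) {
            throw new IllegalStateException(POLICY_RESOURCE + " is not on the classpath");
        }
        policy = Policy.getInstance(in);
    }

    /** True only if AntiSamy had nothing to remove or rewrite. */
    public boolean isValid(String html) {
        if (html == null) {
            return false; // callers that accept null should decide that explicitly
        }
        try {
            CleanResults results = new AntiSamy().scan(html, policy);
            return results.getErrorMessages().isEmpty();
        } catch (ScanException | PolicyException e) {
            return false; // fail closed: an unscannable input is not valid
        }
    }

    /** Returns the cleaned markup; a successful clean does not mean the input was valid. */
    public String sanitize(String html) throws ScanException, PolicyException {
        return new AntiSamy().scan(html, policy).getCleanHTML();
    }

    public static void main(String[] args) throws Exception {
        StrictHtmlCheck check = new StrictHtmlCheck();
        // Constructed sample inputs; the second is the string quoted in the thread.
        String[] samples = { "<b>hello</b>", "<script>alert(1)</script>" };
        for (String s : samples) {
            System.out.println(s + " valid=" + check.isValid(s)
                    + " cleaned=[" + check.sanitize(s) + "]");
        }
    }
}
```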
This is scheduled for v2.2
Original comment by chrisisbeef
on 18 Sep 2014 at 8:41
Original comment by kevin.w.wall@gmail.com
on 23 Sep 2014 at 1:51
Original comment by kevin.w.wall@gmail.com
on 27 Sep 2014 at 3:09
Original issue reported on code.google.com by
phillipr...@gmail.com
on 28 Dec 2010 at 5:49