xiebiao / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

onsiteUrl should accept percentage sign. #14

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
If I give AntiSamy a string like:

<a href="/foo/bar.do?%24id=1">hello</a>

it will return:
<a>hello</a>

because the onsiteURL regex doesn't include the percentage sign.

I noticed that the offsiteURL already takes the percentage. Is there a
reason why we shouldn't accept it for onsiteURL, or was it just a typo?

Thanks!

Original issue reported on code.google.com by carlos.a...@gmail.com on 20 Jun 2008 at 2:43

GoogleCodeExporter commented 9 years ago
Must have been missed at some point. It will be added.

Original comment by arshan.d...@gmail.com on 8 Jul 2008 at 8:22

GoogleCodeExporter commented 9 years ago
Same thing with the dollar sign ($) and the plus sign (+).

Original comment by carlos.a...@gmail.com on 27 Jul 2008 at 5:25

GoogleCodeExporter commented 9 years ago
Fixed in the baseline. Look for this in the next version.

Original comment by arshan.d...@gmail.com on 8 Aug 2008 at 7:38
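
The behaviour discussed in this thread, as an added Java example (not AntiSamy's own code and not its actual policy regex, which is not shown on this page). The patterns `BEFORE` and `AFTER`, the class `OnsiteUrlCheck` and the helper `sanitizeAnchor` are hypothetical, simplified stand-ins; the sample URLs other than the one from the report are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class OnsiteUrlCheck {
    // Assumption: simplified stand-in for an onsiteURL allowlist that lacks % $ +
    static final Pattern BEFORE = Pattern.compile("[\\p{L}\\p{N}/.?=&;#~,_!-]+");
    // Same character class with the three characters raised in this issue added
    static final Pattern AFTER = Pattern.compile("[\\p{L}\\p{N}/.?=&;#~,_!%$+-]+");

    // Models the reported behaviour: an href that does not match the allowlist
    // in full is dropped, leaving a bare <a> element around the link text.
    static String sanitizeAnchor(String href, String text, Pattern onsite) {
        if (onsite.matcher(href).matches()) {
            return "<a href=\"" + href + "\">" + text + "</a>";
        }
        return "<a>" + text + "</a>";
    }

    public static void main(String[] args) {
        // Constructed inputs, except the first, which is the href from the report
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("/foo/bar.do?%24id=1", "percent-encoded value from the report");
        samples.put("/foo/bar.do?$id=1", "literal dollar sign");
        samples.put("/search?q=a+b", "plus sign");
        // Regression check: neither pattern contains ':' or '(' so a
        // scheme-bearing value must still lose its href after the change
        samples.put("javascript:void(0)", "scheme-bearing value");

        for (Map.Entry<String, String> e : samples.entrySet()) {
            String href = e.getKey();
            System.out.println(e.getValue());
            System.out.println("  before: " + sanitizeAnchor(href, "hello", BEFORE));
            System.out.println("  after:  " + sanitizeAnchor(href, "hello", AFTER));
        }
    }
}
```

The match is made against the raw attribute string, so accepting `%` lets percent-encoded sequences through undecoded; the last sample is the kind of check worth keeping in a policy test suite whenever the allowlist is widened.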