xiebiao / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
0 stars 0 forks source link

scrubs javascript popup code in antisamy for anchor tag #175

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. submit the following code antisamy
 <a href='http://gmail.com'onclick="window.open(this.href,'','resizable=no,location=no,menubar=no,scrollbars=no,status=no,toolbar=no,fullscreen=no,dependent=no,status'); return false">gmail.com</a> 

2. then observe the output

What is the expected output? What do you see instead?

<a href='http://gmail.com' 
onclick="window.open(this.href,'','resizable=no,location=no,menubar=no,scrollbar
s=no,status=no,toolbar=no,fullscreen=no,dependent=no,status'); return 
false">gmail.com</a> 

Actual result is:

<a href="http://javaEra.com">javaEra.com</a>

What version of the product are you using? On what operating system?
anti-samy 1.5.2

Please provide any additional information below.

I enclosed a my policy  file

can any one help me 

Thanks

Original issue reported on code.google.com by nareshre...@gmail.com on 27 Jan 2014 at 9:36

Attachments: