xiebiao / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

Cannot use the value rect(a b c d) for the property clip #183

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
--------------------------------------
Define a tag with the property clip:
e.g. <span style="clip: rect(1.231em 1000.003em 3.849em -0.425em);">test</span>

In antisamy use the following rule for clip:
<property name="clip" description="">
  <category-list>
    <category value="visual" />
  </category-list>
  <literal-list>
    <literal value="auto" />
    <literal value="initial" />
    <literal value="inherit" />
  </literal-list>
  <regexp-list>
    <regexp value=".*" />
  </regexp-list>
</property>

What is the expected output? What do you see instead?
-----------------------------------------------------
The value should be accepted but it is rejected whatever the value of the regexp
(The span tag had a style attribute, "clip", that could not be allowed for 
security reasons).

What version of the product are you using? On what operating system?
--------------------------------------------------------------------
antisamy 1.5.3

Original issue reported on code.google.com by franck.v...@googlemail.com on 12 Sep 2014 at 7:08