"face" font attribute should accept hyphen in default policies.

xiebiao / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

0 stars 0 forks source link

"face" font attribute should accept hyphen in default policies. #26

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

In the example policy "antisamy-myspace-1.2.xml" the face attribute doesn't
accept the hyphen:

<attribute name="face">
  <regexp-list>
    <regexp value="[\w;, ]+"/>
  </regexp-list>
</attribute>

So something like:

<font face="sans-serif">hello</font>

Won't be accepted, the hyphen should probably be added, example:

<attribute name="face">
  <regexp-list>
    <regexp value="[\w;, \-]+"/>
  </regexp-list>
</attribute>

Original issue reported on code.google.com by carlos.a...@gmail.com on 4 Sep 2008 at 4:44

GoogleCodeExporter commented 9 years ago

Original comment by arshan.d...@gmail.com on 19 Nov 2008 at 7:10

Added labels: Priority-Low
Removed labels: Priority-Medium

GoogleCodeExporter commented 9 years ago

Original comment by arshan.d...@gmail.com on 19 Nov 2008 at 7:14

Changed state: Accepted

GoogleCodeExporter commented 9 years ago

Original comment by arshan.d...@gmail.com on 21 Nov 2008 at 7:34

Changed state: Fixed

GoogleCodeExporter commented 9 years ago

Original comment by arshan.d...@gmail.com on 3 Aug 2009 at 2:44

Changed state: Verified