Regex color error in antisamy-slashdot-1.1.1.xml

xiebiao / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

0 stars 0 forks source link

Regex color error in antisamy-slashdot-1.1.1.xml #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

In the policy file antisamy-slashdot-1.1.1.xml, the line beginning:

<regexp name="colorNameOrCode" value="(#[0-9a-zA-Z]{6} ....

Seems like it should be:

<regexp name="colorNameOrCode" value="(#[0-9a-fA-F]{6} ....

Presuming that this regex is for detecting hex colors. This error also
occurs in other policy files which specify colorNameOrCode.

Original issue reported on code.google.com by thedownw...@gmail.com on 8 May 2008 at 12:04

GoogleCodeExporter commented 9 years ago

Totally right - I also loosened up the color name regular expression given the 
real
list of colors available to developers:

http://www.w3schools.com/HTML/html_colornames.asp

Thanks!

Original comment by arshan.d...@gmail.com on 25 May 2008 at 1:14

Changed state: Verified
Added labels: Priority-Low
Removed labels: Priority-Medium