xiebiao / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

parser going in an infinite loop ending to an OutOfMemoryError #75

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

I use AntiSamy to sanitize RSS and Atom feeds; on one of these feeds, I've
found an HTML fragment that ends in an OutOfMemoryError.

I use this simple Groovy script to reproduce the problem, with the bad HTML fragment in the attachment:

#!/usr/bin/env groovy

import org.owasp.validator.html.*

// Load the Slashdot policy file shipped with AntiSamy 1.3
Policy policy = Policy.getInstance('antisamy-slashdot-1.3.xml')

AntiSamy asamy = new AntiSamy()
// Read the offending fragment (attached to this issue) and sanitize it
String dirtyInput = new File("bad.html").text
CleanResults cr = asamy.scan(dirtyInput, policy)
println cr.getCleanHTML()

What is the expected output? What do you see instead?

./test.groovy 
Caught: java.lang.OutOfMemoryError: Java heap space
    at test.run(test.groovy:11)

I think somewhere the parser goes into an infinite loop.

What version of the product are you using? On what operating system?

antisamy-1.3 on macos-10.6

Please provide any additional information below.

Original issue reported on code.google.com by Fabrice....@gmail.com on 26 Mar 2010 at 5:26

GoogleCodeExporter commented 9 years ago
Will investigate.

Original comment by arshan.d...@gmail.com on 1 Jun 2010 at 4:53

GoogleCodeExporter commented 9 years ago
Can you share your stack trace and try it against the HEAD?

Original comment by arshan.d...@gmail.com on 3 Feb 2011 at 8:31

GoogleCodeExporter commented 9 years ago
I haven't tried the head, but I am seeing OOMEs in v1.3 on the following very short mangled script tag:

<script src="<. ">"></script>

Original comment by teonanac...@gmail.com on 1 Mar 2011 at 9:57
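A bounded regression check for the hang described in this thread, added here as an example and not code from the reporter or the AntiSamy project: it scans the mangled fragment quoted above (or a file given on the command line) in a worker thread and fails the run if the scan does not return within a time limit, so a parser loop shows up as a failed check rather than a heap exhaustion. It assumes the AntiSamy API used by the reporter's script (`Policy.getInstance`, `AntiSamy.scan`, `CleanResults`), the policy file name from that script, and a 5-second limit chosen for illustration.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.concurrent.*;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

public class AntiSamyHangCheck {

    // Fragment quoted in the comment of 1 Mar 2011 above.
    static final String MANGLED_SCRIPT = "<script src=\"<. \">\"></script>";

    /** Returns true only if the scan finished normally within limitMs. */
    static boolean scansWithin(AntiSamy sanitizer, Policy policy,
                               String input, long limitMs) throws InterruptedException {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "antisamy-scan");
            t.setDaemon(true); // a stuck scan must not keep the JVM alive
            return t;
        });
        try {
            Future<CleanResults> f = pool.submit(() -> sanitizer.scan(input, policy));
            CleanResults cr = f.get(limitMs, TimeUnit.MILLISECONDS);
            System.out.println("clean output: " + cr.getCleanHTML()
                    + " (errors reported: " + cr.getNumberOfErrors() + ")");
            return true;
        } catch (TimeoutException e) {
            System.out.println("scan exceeded " + limitMs + " ms; treating as a parser hang");
            return false;
        } catch (ExecutionException e) {
            // Covers ScanException/PolicyException as well as an OutOfMemoryError
            // thrown inside the worker thread.
            System.out.println("scan failed: " + e.getCause());
            return false;
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Policy file name taken from the reporter's script; its location is an assumption.
        Policy policy = Policy.getInstance("antisamy-slashdot-1.3.xml");
        String input = args.length > 0
                ? new String(Files.readAllBytes(Paths.get(args[0])), "UTF-8")
                : MANGLED_SCRIPT;
        boolean ok = scansWithin(new AntiSamy(), policy, input, 5000);
        System.exit(ok ? 0 : 1);
    }
}
```

Run it with a small heap (for example `-Xmx64m`) so that a runaway scan fails fast and deterministically instead of consuming the whole machine before the timeout fires.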

GoogleCodeExporter commented 9 years ago
Tested in 1.4.4 and 1.4.5 and cannot reproduce.

Original comment by tad...@gmail.com on 3 Oct 2012 at 3:25

GoogleCodeExporter commented 9 years ago
A large number of such errors have been fixed in the nekohtml lib, which we have upgraded for the 1.5 release. I am marking this as fixed; please re-open with a test case if it turns up with 1.5.

Original comment by kristian...@gmail.com on 28 Jan 2013 at 7:14