Comments (5)
javaarch4u
commented on July 24, 2024
Hi @choffware! I am facing same problem, Please let me know if you were able to resolve it. Thanks in advance!
from antisamy.
davewichers
commented on July 24, 2024
Hey @choffware and @javaarch4u. I can't reproduce this misbehavior in either the SAX or DOM parsers. Can you give me more details on your exact setup so I can reproduce? This is the test case I wrote to try to reproduce this:
@Test
public void testGithubIssue23() throws ScanException, PolicyException {
String test23 = "<ul><li>one</li><li>two</li><li>three<ul><li>a</li><li>b</li></ul></li></ul>";
// Issue indicates you end up with this:
// <ul><li>one</li><li>two</li><li>three<ul></ul></li><li>a</li><li>b</li></ul>
// Meaning the <li>a</li><li>b</li> elements were moved outside of the nested <ul> list they were in
// The a.replaceAll("\\s","") is used to strip out all the whitespace in the CleanHTML so we can successfully find
// what we expect to find.
assertThat(as.scan(test23, policy, AntiSamy.SAX).getCleanHTML().replaceAll("\\s",""), containsString("<ul><li>a</li>"));
assertThat(as.scan(test23, policy, AntiSamy.DOM).getCleanHTML().replaceAll("\\s",""), containsString("<ul><li>a</li>"));
}
I've actually checked in this test case into the 1.5.8 branch on github, so you can run it yourself. The 1.5.8 branch includes a bunch of library upgrades but I doubt that would have any affect on this test.
from antisamy.
davewichers
commented on July 24, 2024
Given that two different people have indicated they are seeing this misbehavior, we are going to leave this open for a while. Can you guys let us know your setup that replicates this bug?
from antisamy.
javaarch4u
commented on July 24, 2024
Thanks for looking in to this Dave! I appreciate it! I was actually able to identify the root cause of this problem. When there is tika parser’s dependency; boilerpipe.jar; in the classpath, antisamy loads faulty classes from boilerpipe.jar instead of nekohtml jar file. When i removed boilerpipe jar dependency from my project, everything worked as expected.
from antisamy.
davewichers
commented on July 24, 2024
Thanks for the reply! And the solution to your problem. Hopefully, if @choffware sees this, he has the same or a similar issue, and can fix his setup too. I'm going to close this as its not an AntiSamy bug.
from antisamy.
Related Issues (20)
- Removing Xerces dependency? HOT 3
- Does Antisamy has support for custom css properties " --* " and css-function " var() " and how to define it in the antisamy policy file? HOT 10
- Enabled noopenerAndNoreferrerAnchors policy drops nofollow HOT 7
- Covering all cases of "rel" attribute in "anchor" tag is quite verbose HOT 3
- Investigate replacing Batik CSS HOT 1
- Dealing with Security Vulnerabilities CVE-2023-26119 HOT 13
- AntiSamy encodes unknown tags despite not being configured that way HOT 6
- GraalVM Support HOT 4
- noopenerAndNoreferrerAnchors policy directive seems disabled by default in 1.7.2 version HOT 2
- How to find if vulnerable script is present in the input HOT 8
- Is there a way to not encode certain HTML Entities? HOT 6
- antisamy:1.7.3 contains batik-css:1.16 that has CVE-2022-44729 vulnerability HOT 1
- Sanitized output for same tainted input differs from AntiSamy 1.7.3 to 1.7.4 HOT 6
- Regex named: "Paragraph", is causing "StackOverFlowError" HOT 8
- the argument 'policy' never be used HOT 1
- antiSamy.scan(input, policy) giving the following as not a valid html. HOT 8
- Prevent formatting and translation of css HOT 3
- Antisamy 1.7.5 version - <body> tag issue HOT 34
- When my runtime environment is a Chinese encoding environment, the list of error messages returned is garbled HOT 3
- Selfclosing Break Line Tag <br /> tag in html content is converted into <br> open tag. HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from antisamy.