Comments (4)
davewichers
commented on July 24, 2024
Can you provide the exact policy change you've implemented so we can try to reproduce this behavior?
from antisamy.
sk2atlas
commented on July 24, 2024
<tag name="a" action="remove"/>
from antisamy.
davewichers
commented on July 24, 2024
I just tested this policy and it worked fine for me. Are you sure you are putting this new policy change into the antisamy.xml file in the proper place, and the modified antisamy.xml file is actually being used by your test?
In my test I did this:
Policy policy = Policy.getInstance("PathTo/My/Custom/policy/antisamy_37.xml");
AntiSamy as = new AntiSamy():
System.out.println(as.scan("Test XML String Goes Here", policy, AntiSamy.SAX).getCleanHTML());
System.out.println(as.scan("Test XML String Goes Here", policy, AntiSamy.DOM).getCleanHTML());
And in both cases all the tags got stripped out of the Test XML String.
And in antisamy_37.xml, I added: in the block of the antisamy.xml file.
Are you testing like this? If not, can you try and verify it actually does (or does not) work for you?
from antisamy.
davewichers
commented on July 24, 2024
Given that this worked for me, and @sk2atlas hasn't responded with more details to confirm this issue, I'm closing this. Feel free to reopen if you can provide a working example of this failure.
from antisamy.
Related Issues (20)
- CVE-2022-24891 HOT 7
- Removing Xerces dependency? HOT 3
- Does Antisamy has support for custom css properties " --* " and css-function " var() " and how to define it in the antisamy policy file? HOT 10
- Enabled noopenerAndNoreferrerAnchors policy drops nofollow HOT 7
- Covering all cases of "rel" attribute in "anchor" tag is quite verbose HOT 3
- Investigate replacing Batik CSS HOT 1
- Dealing with Security Vulnerabilities CVE-2023-26119 HOT 13
- AntiSamy encodes unknown tags despite not being configured that way HOT 6
- GraalVM Support HOT 4
- noopenerAndNoreferrerAnchors policy directive seems disabled by default in 1.7.2 version HOT 2
- How to find if vulnerable script is present in the input HOT 8
- Is there a way to not encode certain HTML Entities? HOT 6
- antisamy:1.7.3 contains batik-css:1.16 that has CVE-2022-44729 vulnerability HOT 1
- Sanitized output for same tainted input differs from AntiSamy 1.7.3 to 1.7.4 HOT 6
- Regex named: "Paragraph", is causing "StackOverFlowError" HOT 8
- the argument 'policy' never be used HOT 1
- antiSamy.scan(input, policy) giving the following as not a valid html. HOT 8
- Prevent formatting and translation of css HOT 3
- Antisamy 1.7.5 version - <body> tag issue HOT 34
- When my runtime environment is a Chinese encoding environment, the list of error messages returned is garbled HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from antisamy.