... i think i found a way to bypass .... #26

Closed
wurtzelsepp opened this issue Jun 7, 2018 · 2 comments

wurtzelsepp commented Jun 7, 2018

If you try

```
"><img src=a onerror=alert(1)>
```

and put it in as the parameter:

```java
antiSamy.scan(parameter, policy, AntiSamy.SAX).getCleanHTML();
```

you will get `><img src=a onerror=alert(1)>` and so an alert pops up, even if img tags are set to remove.

@davewichers
Collaborator

I end up with this output:

"&quot;&gt;&lt;img src=a onerror=alert(1)&gt;"

Which is safe/expected. Now if you then pass that to another interpreter which decodes it again, then something bad can happen of course.

Can you confirm the encoded values above are what you actually get? And do you agree this is safe/expected behavior?
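
The point made in the reply above, that the entity-encoded output is inert until a later layer decodes it again, shown as an added example (not part of the thread and not AntiSamy code). It uses only Python's standard `html` module on the two strings quoted in this issue; `live_elements` and `decodes_until_live` are hypothetical helper names.

```python
import html
from html.parser import HTMLParser

# Strings quoted in this issue: the reported input and the output the
# collaborator observed from getCleanHTML().
REPORTED_INPUT = '"><img src=a onerror=alert(1)>'
REPORTED_OUTPUT = '&quot;&gt;&lt;img src=a onerror=alert(1)&gt;'


class _TagCollector(HTMLParser):
    """Records each start tag an HTML parser sees, with its on* attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.elements = []

    def handle_starttag(self, tag, attrs):
        handlers = sorted(name for name, _ in attrs if name.startswith("on"))
        self.elements.append((tag, handlers))


def live_elements(markup):
    """Return [(tag, [event-handler attrs])] produced by parsing markup as HTML."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.elements


def decodes_until_live(markup, max_rounds=3):
    """Count extra entity-decoding passes before markup yields elements.

    0: already live when rendered. None: still inert text after max_rounds.
    """
    current = markup
    for rounds in range(max_rounds + 1):
        if live_elements(current):
            return rounds
        decoded = html.unescape(current)
        if decoded == current:  # nothing left to decode
            return None
        current = decoded
    return None


if __name__ == "__main__":
    for label, value in (("input", REPORTED_INPUT), ("output", REPORTED_OUTPUT)):
        print(label, live_elements(value), decodes_until_live(value))
```

A result of 1 for the reported output means it renders as plain text as-is, and any downstream code that unescapes it before writing it into a page has to apply its own output encoding.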

@davewichers
Collaborator

@wurtzelsepp As we can't replicate this, we are closing this for now. But please provide additional details if you still think this is an issue.
