antiSamy.scan(input, policy) giving the following as not a valid html. #416
These are my onsiteURL and offsiteURL.
@spassarop - Can you research and respond?
name="onsiteURL" name="offsiteURL"
Hi
That is because the value is nothing close to a URL. To accept that kind of
value willingly, then you can create your custom regular expression
alongside with offsiteURL and onsiteURL, and add it as part of the accepted
expressions for the href attribute. If you wanted to use only the existing
ones, you can add the parentheses right at the end of onsiteURL, for
example, before the last square bracket: ()]*
You can test that and close the issue.
On Thu, Jan 11, 2024 at 18:30, mahi277149 (***@***.***) wrote:
… name="offsiteURL"
value="(\s)
*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}.#@$%+&;:-_~,?=/!()]*
(\s)*"
name="onsiteURL" I tried this with onsiteURL but it did not work. What am I missing here?
The href contains the following JS method
The a tag contained an attribute that we could not process. The href attribute had a value of "Lx.ui.launchBidAlternateValues(2942);". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input. I am seeing this error.
I don't know what your problem is. I tested this:

```java
AntiSamy as = new AntiSamy();
String input = "<a href=\"Lx.ui.launchBidAlternateValues(2942);\">Awning</a>";
System.out.println(as.scan(input, policy, AntiSamy.DOM).getCleanHTML());
System.out.println(String.join("\n", as.scan(input, policy, AntiSamy.DOM).getErrorMessages()));
System.out.println(as.scan(input, policy, AntiSamy.SAX).getCleanHTML());
System.out.println(String.join("\n", as.scan(input, policy, AntiSamy.SAX).getErrorMessages()));
```

Where

```
<regexp name="onsiteURL"
value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&;\-_~,\?=/!]*(&colon))[\p{L}\p{N}\\\.\#@\$%\+&;\-_~,\?=/!]*" />
```

To this, as I mentioned in my previous comment (only added brackets):

```
<regexp name="onsiteURL"
value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&;\-_~,\?=/!]*(&colon))[\p{L}\p{N}\\\.\#@\$%\+&;\-_~,\?=/!()]*" />
```

After that, the output is as expected, without removal of

In conclusion I will close the issue and if there is a valid reason to reopen it, then do it.
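The two onsiteURL expressions from the comment above, compared side by side with java.util.regex. This is an added example, not code from the thread or from AntiSamy: the class and helper names and every sample value except the href quoted in this issue are constructed, and it assumes the whole attribute value has to match the expression.

```java
import java.util.regex.Pattern;

public class OnsiteUrlCheck {
    // Character class used by both expressions, copied from the policy values quoted in this thread.
    static final String CLS = "\\p{L}\\p{N}\\\\\\.\\#@\\$%\\+&;\\-_~,\\?=/!";

    // extra: characters appended to the final class only
    // ("" gives the original expression, "()" gives the changed one).
    static Pattern onsiteUrl(String extra) {
        return Pattern.compile(
            "^(?!//)(?![" + CLS + "]*(&colon))[" + CLS + extra + "]*");
    }

    // Assumption: the entire attribute value must match, not just a prefix.
    static boolean accepts(Pattern p, String value) {
        return p.matcher(value).matches();
    }

    public static void main(String[] args) {
        Pattern original = onsiteUrl("");
        Pattern widened = onsiteUrl("()");

        String[] samples = {
            "Lx.ui.launchBidAlternateValues(2942);", // href value from this issue
            "/bids/view?id=2942",                    // constructed: plain relative URL
            "//cdn.example.test/app.js",             // constructed: protocol-relative URL
            "javascript:void(0)",                    // constructed: scheme-prefixed value
            "x&colonvoid(0)"                         // constructed: entity-style colon
        };

        System.out.printf("%-40s %-9s %s%n", "href value", "original", "with ()");
        for (String s : samples) {
            System.out.printf("%-40s %-9b %b%n",
                s, accepts(original, s), accepts(widened, s));
        }
    }
}
```

The colon is in neither character class, so scheme-prefixed values are still rejected after the change. The added parentheses apply to every attribute in the policy that references onsiteURL, not only to this one href.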
input = Awning
then getting the following error.
The a tag contained an attribute that we could not process. The href attribute had a value of "Lx.ui.launchBidAlternateValues(2942);". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.
Please let me know how to resolve this issue.