antisamy

How to add a HTML5 tag to AntiSamy policy file?

我与影子孤独终老i 提交于 2019-12-23 23:42:21
问题 My AntiSamy file does not seem to like the HTML5 <figure> tag. Its allowing the tag itself to exist, but nothing contained inside it. So this: <figure> <img src="image/path"/> </figure> Is becoming this: <figure> </figure> <img src="image/path"/> How can I stop the antisamy from stripping out the content of the <figure> tag? I want it to allow the <figure> tag and all its attributes and content. 来源: https://stackoverflow.com/questions/32427087/how-to-add-a-html5-tag-to-antisamy-policy-file

antisamy parser force closing tag

╄→尐↘猪︶ㄣ 提交于 2019-12-22 05:31:12
问题 I use Antisamy for validating HTML. My policy allow iframes, like youtube videos. Problem is - if tag is empty(like this): <iframe src="//www.youtube.com/embed/uswzriFIf_k?feature=player_detailpage" allowfullscreen></iframe> than after cleaning it will be like this: <iframe src="//www.youtube.com/embed/uswzriFIf_k?feature=player_detailpage" allowfullscreen/> But it should have normal closing tag. And this break all content on page after. I already set my directives to use most of HTML but not

YouTube URL - regex

倾然丶 夕夏残阳落幕 提交于 2019-12-13 00:35:08
问题 I have following config in my antisamy policy file: Old YouTube Object: <object width="1280" height="720"> <param name="movie" value="http://www.youtube.com/v/Hl-zzrqQoSE ?version=3 &hl=en_US &rel=0"> </param> <param name="allowFullScreen" value="true"> </param> <param name="allowscriptaccess" value="always"> </param> <embed src="http://www.youtube.com/v/Hl-zzrqQoSE ?version=3 &hl=en_US &rel=0" type="application/x-shockwave-flash" width="1280" height="720" allowscriptaccess="always"

antisamy parser force closing tag

送分小仙女□ 提交于 2019-12-05 06:19:39
I use Antisamy for validating HTML. My policy allow iframes, like youtube videos. Problem is - if tag is empty(like this): <iframe src="//www.youtube.com/embed/uswzriFIf_k?feature=player_detailpage" allowfullscreen></iframe> than after cleaning it will be like this: <iframe src="//www.youtube.com/embed/uswzriFIf_k?feature=player_detailpage" allowfullscreen/> But it should have normal closing tag. And this break all content on page after. I already set my directives to use most of HTML but not XML: <directives> <directive name="omitXmlDeclaration" value="true"/> <directive name=

How to configure antisamy in cq 5.5?

空扰寡人 提交于 2019-11-30 16:07:03
问题 I have cq 5.5 project. I want to Prevent XSS attacks. According this link cq provides integration with AntiSamy project. Please provide concrete steps for integration with AntiSamy because I really cannot find it. update Should I write code like this somewhere? import org.owasp.validator.html.*; Policy policy = Policy.getInstance(POLICY_FILE_LOCATION); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(dirtyInput, policy); MyUserDAO.storeUserProfile(cr.getCleanHTML()); // some custom

How to configure antisamy in cq 5.5?

人走茶凉 提交于 2019-11-30 16:00:23
I have cq 5.5 project. I want to Prevent XSS attacks. According this link cq provides integration with AntiSamy project. Please provide concrete steps for integration with AntiSamy because I really cannot find it. update Should I write code like this somewhere? import org.owasp.validator.html.*; Policy policy = Policy.getInstance(POLICY_FILE_LOCATION); AntiSamy as = new AntiSamy(); CleanResults cr = as.scan(dirtyInput, policy); MyUserDAO.storeUserProfile(cr.getCleanHTML()); // some custom function The XSS protection mechanism offered by CQ is already based on the AntiSamy Project. You only
订阅 antisamy