SAK-47679 Update Antisamy 1.7.7 #10804

Draft
wants to merge 5 commits into
base: master

axxter99
Member

No description provided.

@bjones86
Member

This is still failing some FormattedText test(s)

@axxter99
Member Author

[INFO] Results:
[INFO]
[ERROR] Failures:
[ERROR] FormattedTextTest.testDataAttributes:337 expected:<> but was:<>
[ERROR] FormattedTextTest.testKNL_1487:1083 expected:<...e530d7221ee512cb429"[]>> but was:<...e530d7221ee512cb429"[ /]>>
[INFO]
[ERROR] Tests run: 373, Failures: 2, Errors: 0, Skipped: 0

@axxter99 axxter99 marked this pull request as draft August 18, 2022 13:14
@axxter99
Member Author

break SAK-47712 Passay: #10809

@jonespm
Contributor

jonespm commented Jan 30, 2025

Passay was updated past this in #12967

@jonespm jonespm changed the title from "SAK-47679 Update Passay 1.6.2 & antisamy 1.7.0" to "SAK-47679 Update Antisamy 1.7.6" Jan 30, 2025
@jonespm jonespm self-assigned this Jan 30, 2025
@jonespm
Contributor

jonespm commented Jan 30, 2025

I changed the version to the latest 1.7.7 and removed the already upgraded passay. If this fails the test I will look at it this week.

@jonespm jonespm changed the title from "SAK-47679 Update Antisamy 1.7.6" to "SAK-47679 Update Antisamy 1.7.7" Jan 30, 2025
@jonespm jonespm removed the request for review from mpellicer January 30, 2025 02:18
@jonespm
Contributor

jonespm commented Jan 30, 2025

The error that was there seems minor and could just be fixed in the test. However, it looks like it's related to this open issue: nahsra/antisamy#484

There is a new test failure

Error: [ERROR]   FormattedTextTest.testDataAttributes:341 expected:<<span class="[]two"></span>> but was:<<span class="[one" class="]two"></span>>

Which looks like it's checking for duplicate attributes, which are invalid HTML but not really a security issue. It looks like it does have a check in the code for duplicate attributes. So not sure why this one is failing now.

https://github.com/nahsra/antisamy/blob/f94866b98c909cf470d0a15b59f7b28dcb9ab4bf/src/test/java/org/owasp/validator/html/test/AntiSamyTest.java#L1555

I also tried to use AntiSamy.DOM as used in the test to scan (the default is AntiSamy.SAX), but that just resulted in more errors. This test is still in error, but it was a different result.

Using Antisamy.DOM

[ERROR]   FormattedTextTest.testDataAttributes:341 expected:<[<span class="two"></span>]> but was:<[]>
[ERROR]   FormattedTextTest.testKNL_1407:831 The source tag was empty, and therefore we could not process it. The rest of the message is intact, and its removal should not have any side effects.<br/>The track tag was empty, and therefore we could not process it. The rest of the message is intact, and its removal should not have any side effects.<br/>
[ERROR]   FormattedTextTest.testKNL_1487:1087 expected:<...e530d7221ee512cb429"[]/>> but was:<...e530d7221ee512cb429"[ ]/>>
[ERROR]   FormattedTextTest.testKNL_1530:1165 expected:<.../www.sakailms.org/" [rel="noopener" ]target="_blank" rel=...> but was:<.../www.sakailms.org/" []target="_blank" rel=...>
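
A structural check for sanitizer output of the kind compared in the failures above, as an added example that is not part of this PR, Sakai or AntiSamy: it reports attributes repeated on one tag and compares two strings as parsed tokens, so `"/>` versus `" />` is not a difference. It uses Python's standard `html.parser` instead of AntiSamy, and the function names are hypothetical.

```python
from collections import Counter
from html.parser import HTMLParser


class _Events(HTMLParser):
    """Record the parsed token stream, keeping repeated attributes in order."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.events = []

    def handle_starttag(self, tag, attrs):
        self.events.append(("start", tag, tuple(attrs)))

    def handle_startendtag(self, tag, attrs):
        # "<x/>" and "<x />" both arrive here, so the spacing disappears.
        self.events.append(("empty", tag, tuple(attrs)))

    def handle_endtag(self, tag):
        self.events.append(("end", tag))

    def handle_data(self, data):
        self.events.append(("text", data))


def tokens(html):
    parser = _Events()
    parser.feed(html)
    parser.close()
    return parser.events


def duplicate_attributes(html):
    """Return (tag, attribute, values) for each attribute repeated on one tag."""
    found = []
    for event in tokens(html):
        if event[0] in ("start", "empty"):
            counts = Counter(name for name, _ in event[2])
            for name, n in counts.items():
                if n > 1:
                    values = [v for k, v in event[2] if k == name]
                    found.append((event[1], name, values))
    return found


def same_markup(expected, actual):
    """True when both strings parse to the same tags, attributes and text."""
    return tokens(expected) == tokens(actual)


if __name__ == "__main__":
    # Actual output quoted in the testDataAttributes failure above.
    print(duplicate_attributes('<span class="one" class="two"></span>'))
```
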
