
Commit 05c52b9

spassarop authored and nahsra committed
Avoid parsing noscript content
1 parent 7fdb6c1 commit 05c52b9

3 files changed

+47
-45
lines changed


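--- a/src/main/java/org/owasp/validator/html/scan/AntiSamyDOMScanner.java
+++ b/src/main/java/org/owasp/validator/html/scan/AntiSamyDOMScanner.java
@@ -225,6 +225,7 @@ static DOMFragmentParser getDomParser()
 
 parser.setFeature("http://cyberneko.org/html/features/scanner/style/strip-cdata-delims", false);
 parser.setFeature("http://cyberneko.org/html/features/scanner/cdata-sections", true);
+parser.setFeature("http://cyberneko.org/html/features/parse-noscript-content", false);
 
 return parser;
 }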
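Review bot: The added `parse-noscript-content` line carries no comment, so nothing in getDomParser() records why `<noscript>` bodies must be handed to the scanner as text rather than as a parsed subtree, and a later maintainer could reasonably revert it as a "lost" feature. I would put one line above it: `// Keep <noscript> content unparsed (as browsers with scripting enabled do); sanitizing a subtree the browser never builds is what the commit title is avoiding.` The feature URI is NekoHTML-specific; if the parser build in use does not recognise it, setFeature() would presumably throw rather than silently ignore it, and whether getDomParser()'s caller handles that is outside this hunk — the method begins above the visible lines. A regression test for both scanners is not among the three changed files and would pin the new behaviour.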

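--- a/src/main/java/org/owasp/validator/html/scan/AntiSamySAXScanner.java
+++ b/src/main/java/org/owasp/validator/html/scan/AntiSamySAXScanner.java
@@ -267,6 +267,7 @@ private static SAXParser getParser() {
 parser.setFeature("http://xml.org/sax/features/namespaces", false);
 parser.setFeature("http://cyberneko.org/html/features/balance-tags/document-fragment", true);
 parser.setFeature("http://cyberneko.org/html/features/scanner/cdata-sections", true);
+parser.setFeature("http://cyberneko.org/html/features/parse-noscript-content", false);
 
 parser.setProperty("http://cyberneko.org/html/properties/names/elems", "lower");
 return parser;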
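Review bot: The feature URI `"http://cyberneko.org/html/features/parse-noscript-content"` is now duplicated verbatim between getParser() here and getDomParser() in AntiSamyDOMScanner, so the SAX and DOM paths can silently drift the next time one of them is edited; a shared `static final String PARSE_NOSCRIPT_CONTENT_FEATURE` referenced from both would keep the two sanitizer front-ends in lockstep. With the feature off, the `<noscript>` body reaches MagicSAXFilter through its characters() callback instead of startElement(), so any tag inside it is never matched against the policy — which is presumably the intent, but it only holds if that text path entity-encodes on output; a test asserting that `<noscript><img src=x onerror=alert(1)></noscript>` comes back with the inner markup encoded, for both scanners, would make that explicit. No test file is part of this commit's three changed files. getParser() starts above the hunk.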

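--- a/src/main/java/org/owasp/validator/html/scan/MagicSAXFilter.java
+++ b/src/main/java/org/owasp/validator/html/scan/MagicSAXFilter.java
@@ -119,7 +119,7 @@ public void characters(XMLString text, Augmentations augs) throws XNIException {
 }
 
 private static final Pattern conditionalDirectives =
-Pattern.compile("<?!?\\[\\s*(?:end)?if[^]]*\\]>?");
+Pattern.compile("<?!?\\[\\s*(?:end)?if[^]]*\\]>?");
 
 public void comment(XMLString text, Augmentations augs) throws XNIException {
 
@@ -135,12 +135,12 @@ public void comment(XMLString text, Augmentations augs) throws XNIException {
 }
 
 public void doctypeDecl(String root, String publicId, String systemId, Augmentations augs)
-throws XNIException {
+throws XNIException {
 // user supplied doctypes are ignored
 }
 
 public void emptyElement(QName element, XMLAttributes attributes, Augmentations augs)
-throws XNIException {
+throws XNIException {
 this.startElement(element, attributes, augs);
 this.endElement(element, augs);
 }
@@ -202,8 +202,8 @@ public void endElement(QName element, Augmentations augs) throws XNIException {
 // if the CSS is unscannable, we report the error, but skip the
 // style element
 addError(
-ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED,
-new Object[] {HTMLEntityEncoder.htmlEntityEncode(cssContent.toString())});
+ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED,
+new Object[] {HTMLEntityEncoder.htmlEntityEncode(cssContent.toString())});
 } finally {
 // reset the string buffer to allow fresh recording of next
 // style tag
@@ -225,7 +225,7 @@ private CssScanner makeCssScanner() {
 }
 
 public void processingInstruction(String target, XMLString data, Augmentations augs)
-throws XNIException {
+throws XNIException {
 // processing instructions are being removed
 }
 
@@ -240,7 +240,7 @@ public void endCDATA(Augmentations augs) throws XNIException {
 }
 
 public void startElement(QName element, XMLAttributes attributes, Augmentations augs)
-throws XNIException {
+throws XNIException {
 // see if we have a policy for this tag.
 String tagNameLowerCase = element.localpart.toLowerCase();
 Tag tag = policy.getTagByLowercaseName(tagNameLowerCase);
@@ -274,19 +274,19 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations
 // we also remove all child elements of a style element
 this.operations.push(Ops.REMOVE);
 } else if ((tag == null && policy.isEncodeUnknownTag())
-|| (tag != null && tag.isAction(Policy.ACTION_ENCODE))) {
+|| (tag != null && tag.isAction(Policy.ACTION_ENCODE))) {
 String name = "<" + element.localpart + ">";
 super.characters(new XMLString(name.toCharArray(), 0, name.length()), augs);
 this.operations.push(Ops.ENCODE);
 } else if (tag == null) {
 addError(
-ErrorMessageUtil.ERROR_TAG_NOT_IN_POLICY,
-new Object[] {HTMLEntityEncoder.htmlEntityEncode(element.localpart)});
+ErrorMessageUtil.ERROR_TAG_NOT_IN_POLICY,
+new Object[] {HTMLEntityEncoder.htmlEntityEncode(element.localpart)});
 this.operations.push(Ops.FILTER);
 } else if (tag.isAction(Policy.ACTION_FILTER)) {
 addError(
-ErrorMessageUtil.ERROR_TAG_FILTERED,
-new Object[] {HTMLEntityEncoder.htmlEntityEncode(element.localpart)});
+ErrorMessageUtil.ERROR_TAG_FILTERED,
+new Object[] {HTMLEntityEncoder.htmlEntityEncode(element.localpart)});
 this.operations.push(Ops.FILTER);
 } else if (tag.isAction("validate")) {
 
@@ -319,14 +319,14 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations
 errorMessages.addAll(cr.getErrorMessages());
 } catch (ScanException e) {
 addError(
-ErrorMessageUtil.ERROR_CSS_ATTRIBUTE_MALFORMED,
-new Object[] {element.localpart, HTMLEntityEncoder.htmlEntityEncode(value)});
+ErrorMessageUtil.ERROR_CSS_ATTRIBUTE_MALFORMED,
+new Object[] {element.localpart, HTMLEntityEncoder.htmlEntityEncode(value)});
 }
 } else if (attribute != null) {
 // validate the values against the policy
 boolean isValid = false;
 if (attribute.containsAllowedValue(value.toLowerCase())
-|| attribute.matchesAllowedExpression(value)) {
+|| attribute.matchesAllowedExpression(value)) {
 int attrIndex;
 if ((attrIndex = validattributes.getIndex(name)) > 0) {
 // If attribute is repeated, use last value.
@@ -342,46 +342,46 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations
 if (!isValid && "removeTag".equals(attribute.getOnInvalid())) {
 
 addError(
-ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID_REMOVED,
-new Object[] {
-tag.getName(),
-HTMLEntityEncoder.htmlEntityEncode(name),
-HTMLEntityEncoder.htmlEntityEncode(value)
-});
+ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID_REMOVED,
+new Object[] {
+tag.getName(),
+HTMLEntityEncoder.htmlEntityEncode(name),
+HTMLEntityEncoder.htmlEntityEncode(value)
+});
 
 removeTag = true;
 
 } else if (!isValid
-&& ("filterTag".equals(attribute.getOnInvalid()) || masqueradingParam)) {
+&& ("filterTag".equals(attribute.getOnInvalid()) || masqueradingParam)) {
 
 addError(
-ErrorMessageUtil.ERROR_ATTRIBUTE_CAUSE_FILTER,
-new Object[] {
-tag.getName(),
-HTMLEntityEncoder.htmlEntityEncode(name),
-HTMLEntityEncoder.htmlEntityEncode(value)
-});
+ErrorMessageUtil.ERROR_ATTRIBUTE_CAUSE_FILTER,
+new Object[] {
+tag.getName(),
+HTMLEntityEncoder.htmlEntityEncode(name),
+HTMLEntityEncoder.htmlEntityEncode(value)
+});
 
 filterTag = true;
 
 } else if (!isValid) {
 addError(
-ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID,
-new Object[] {
-tag.getName(),
-HTMLEntityEncoder.htmlEntityEncode(name),
-HTMLEntityEncoder.htmlEntityEncode(value)
-});
+ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID,
+new Object[] {
+tag.getName(),
+HTMLEntityEncoder.htmlEntityEncode(name),
+HTMLEntityEncoder.htmlEntityEncode(value)
+});
 }
 
 } else { // attribute == null
 addError(
-ErrorMessageUtil.ERROR_ATTRIBUTE_NOT_IN_POLICY,
-new Object[] {
-element.localpart,
-HTMLEntityEncoder.htmlEntityEncode(name),
-HTMLEntityEncoder.htmlEntityEncode(value)
-});
+ErrorMessageUtil.ERROR_ATTRIBUTE_NOT_IN_POLICY,
+new Object[] {
+element.localpart,
+HTMLEntityEncoder.htmlEntityEncode(name),
+HTMLEntityEncoder.htmlEntityEncode(value)
+});
 
 if (masqueradingParam) {
 filterTag = true;
@@ -414,14 +414,14 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations
 if (currentRelValue != null) {
 Attribute attribute = tag.getAttributeByName("rel");
 if (attribute != null
-&& !(attribute.containsAllowedValue(currentRelValue)
+&& !(attribute.containsAllowedValue(currentRelValue)
 || attribute.matchesAllowedExpression(currentRelValue))) {
 currentRelValue = "";
 }
 }
 String relValue =
-Attribute.mergeRelValuesInAnchor(
-addNofollow, addNoopenerAndNoreferrer, currentRelValue);
+Attribute.mergeRelValuesInAnchor(
+addNofollow, addNoopenerAndNoreferrer, currentRelValue);
 if (!relValue.isEmpty()) {
 int relIndex;
 if ((relIndex = validattributes.getIndex("rel")) > 0) {
@@ -446,8 +446,8 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations
 } else {
 // no options left, so the tag will be removed
 addError(
-ErrorMessageUtil.ERROR_TAG_DISALLOWED,
-new Object[] {HTMLEntityEncoder.htmlEntityEncode(element.localpart)});
+ErrorMessageUtil.ERROR_TAG_DISALLOWED,
+new Object[] {HTMLEntityEncoder.htmlEntityEncode(element.localpart)});
 this.operations.push(Ops.REMOVE);
 }
 // now we know exactly what to do, let's do it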
