Hi Skip:
For what it is worth, I had the same issue and I couldn't for the life of me figure out why I was seeing these messages. I also would be interested in knowing where (and why) this message is being thrown since if you read the message content, there doesn't seem to be anything "invalid" about the HTML.

FYI - To get rid of this annoying message, I ended up setting the ESAPI.properties file entry:

LogLevel=ERROR

So at least the error messages were not being displayed.

Hope that helps.
Ruth Hoffman

That was obvious to me because of a line I left out of the error message:

ValidationException @ org.owasp.esapi.reference.DefaultValidator.getValidSafeHTML(null:-1)

However, that puts me no closer to understanding where it is coming from
originally.  This function is called originally in ModelService.validate
and there is a line of code there that sez something like
if(errorMessageList.size() > 0) throw ...

There are no exceptions in the log and no user has reported one.  I am just
seeing this on the console screen.

So, how do I find out which service is causing this?

Skip

-----Original Message-----
From: Adrian Crum [mailto:adrian.c...@sandglass-software.com]
Sent: Monday, October 21, 2013 11:13 AM
To: user@ofbiz.apache.org
Subject: Re: html validation errors


Most likely that is coming from OWASP/ESAPI.

Adrian Crum
Sandglass Software
www.sandglass-software.com

On 10/21/2013 10:49 AM, Skip wrote:
I am getting validation errors on System.err that look like this:

Oct 21, 2013 9:25:57 AM AppNameNotSpecified IntrusionDetector
WARNING: SECURITY-FAILURE Anonymous@unknown:unknown -- Invalid HTML input:
context=content, errors=[The <b>html</b> tag has been filtered for security
reasons. The contents of the tag will remain in place., The <b>head</b> tag
has been filtered for security reasons. The contents of the tag will remain
in place., The <b>meta</b> tag has been filtered for security reasons. The
contents of the tag will remain in place., The <b>title</b> tag has been
filtered for security reasons. The contents of the tag will remain in
place., The <b>style</b> tag has been filtered for security reasons. The
contents of the tag will remain in place., The <b>body</b> tag has been
filtered for security reasons. The contents of the tag will remain in
place., The <b>h1</b> tag has been filtered for security reasons. The
contents of the tag will remain in place., The <b>h1</b> tag has been
filtered for security reasons. The contents of the tag will remain in
place.]

I would like to track down where this is coming from, but there is no
information in the logs.

Can anyone provide a clue?

Skip
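
Added example, not part of the thread and not OFBiz or ESAPI code: a small Python parser for the IntrusionDetector warning quoted above. It extracts the context and the filtered tags so that repeated warnings captured from the console can be grouped; the names summarize, WARNING and TAG, and the whole_document heuristic, are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: the warning quoted in the thread, hard-wrapped the way
# a console capture or mail client would leave it.
SAMPLE = """\
Oct 21, 2013 9:25:57 AM AppNameNotSpecified IntrusionDetector
WARNING: SECURITY-FAILURE Anonymous@unknown:unknown -- Invalid HTML input:
context=content, errors=[The <b>html</b> tag has been filtered for security
reasons. The contents of the tag will remain in place., The <b>head</b> tag
has been filtered for security reasons. The contents of the tag will remain
in place., The <b>meta</b> tag has been filtered for security reasons. The
contents of the tag will remain in place., The <b>title</b> tag has been
filtered for security reasons. The contents of the tag will remain in
place., The <b>style</b> tag has been filtered for security reasons. The
contents of the tag will remain in place., The <b>body</b> tag has been
filtered for security reasons. The contents of the tag will remain in
place., The <b>h1</b> tag has been filtered for security reasons. The
contents of the tag will remain in place., The <b>h1</b> tag has been
filtered for security reasons. The contents of the tag will remain in
place.]
"""

WARNING = re.compile(
    r"SECURITY-FAILURE (?P<user>\S+) -- Invalid HTML input: "
    r"context=(?P<context>[^,]+), errors=\[(?P<errors>.*?)\]"
)
TAG = re.compile(r"The <b>([^<]+)</b> tag has been filtered")

def summarize(log_text):
    """Return one dict per 'Invalid HTML input' warning found in log_text."""
    flat = " ".join(log_text.split())  # undo line wrapping before matching
    found = []
    for m in WARNING.finditer(flat):
        tags = Counter(TAG.findall(m.group("errors")))
        found.append({
            "user": m.group("user"),
            "context": m.group("context"),
            "tags": tags,
            # Heuristic assumed here: html, head and body filtered together
            # means a complete HTML document was submitted to the field.
            "whole_document": {"html", "head", "body"} <= set(tags),
        })
    return found

if __name__ == "__main__":
    for w in summarize(SAMPLE):
        print(w["context"], w["user"], dict(w["tags"]), w["whole_document"])
```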


