Reputation: 23
I am working on a project that takes HTML from the user and persists it to the DB. The current implementation is vulnerable to XSS attacks.
In order to prevent this attack, I am trying to implement OWASP AntiSamy as seen here, but I am getting a fileNotFoundError for the policy that I have downloaded and put in the resources directory of the project.
// Sanitize the user-supplied welcomeMessage with AntiSamy before it is persisted.
try {
    // new File("antisamy-tinymce.xml") is a relative path: it resolves against the
    // JVM's current working directory, not against src/main/resources or the classpath.
    Policy policy = Policy.getInstance(new File("antisamy-tinymce.xml"));
    AntiSamy as = new AntiSamy();
    CleanResults cr = as.scan(welcomeMessage, policy);
    preferences.setWelcomeMessage(cr.getCleanHTML());
} catch (PolicyException | ScanException e) {
    // An I/O failure while reading the policy surfaces here as a PolicyException.
    FacesContext.getCurrentInstance().addMessage(null,
        new FacesMessage(FacesMessage.SEVERITY_WARN, "Invalid Welcome Message", e.getMessage()));
    return;
}
.
└── src/
└── main/
└── resources/
├── antisamy-tinymce.xml
Any pointer to what I might be doing wrong?
I have tried using the absolute path of the antisamy-tinymce.xml file, but it doesn't work when deployed to the application server.
Upvotes: 1
Views: 97
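The scenario described above, as an added example that is not part of the original post and not the project's own code: a file under src/main/resources ends up at the root of the classpath in a standard Maven or Gradle build, so it is read as a classpath resource via the class loader and handed to AntiSamy's `Policy.getInstance(InputStream)` overload, rather than as a `java.io.File` whose relative path depends on the server's working directory. The class name `WelcomeMessageSanitizer`, the single-load-then-reuse structure and the sample HTML input are assumptions introduced for illustration; the policy file name is the one from the question.

```java
import java.io.IOException;
import java.io.InputStream;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

// Hypothetical helper class; the name is an assumption made for this example.
public final class WelcomeMessageSanitizer {

    // Policy file name taken from the question. With the src/main/resources layout
    // shown there, the build copies it to the root of the classpath.
    private static final String POLICY_RESOURCE = "antisamy-tinymce.xml";

    // Parsing the policy XML is comparatively expensive and a Policy is immutable,
    // so it is loaded once when the class initialises and reused for every scan.
    private static final Policy POLICY = loadPolicy();

    private static Policy loadPolicy() {
        ClassLoader cl = WelcomeMessageSanitizer.class.getClassLoader();
        // getResourceAsStream looks the file up on the classpath, independent of
        // the working directory the application server happens to run in.
        try (InputStream in = cl.getResourceAsStream(POLICY_RESOURCE)) {
            if (in == null) {
                // Fail loudly at start-up rather than letting unsanitised HTML through later.
                throw new IllegalStateException(
                        "AntiSamy policy not found on classpath: " + POLICY_RESOURCE);
            }
            return Policy.getInstance(in);
        } catch (IOException | PolicyException e) {
            throw new IllegalStateException(
                    "Cannot load AntiSamy policy " + POLICY_RESOURCE, e);
        }
    }

    /**
     * Scans untrusted HTML against the policy. The caller stores
     * CleanResults.getCleanHTML(); ScanException is propagated so the caller can
     * report an unparseable message to the user.
     */
    public static CleanResults sanitize(String untrustedHtml) throws ScanException {
        try {
            return new AntiSamy().scan(untrustedHtml, POLICY);
        } catch (PolicyException e) {
            // The policy was already validated when loaded, so this indicates a bug.
            throw new IllegalStateException("Policy rejected at scan time", e);
        }
    }

    public static void main(String[] args) throws ScanException {
        // Constructed sample input: benign markup plus an inline handler and a script block.
        String input = "<p onclick=\"alert(1)\">Hello <b>world</b></p><script>alert(2)</script>";

        CleanResults cr = sanitize(input);
        System.out.println("clean HTML: " + cr.getCleanHTML());

        // Each policy violation AntiSamy removed is available for logging or for
        // showing the user what was stripped.
        for (String msg : cr.getErrorMessages()) {
            System.out.println("policy violation: " + msg);
        }
    }
}
```

In the JSF bean from the question, the `try` block then becomes a call to `sanitize(welcomeMessage)` whose `getCleanHTML()` result is stored, with only `ScanException` left to map to a `FacesMessage`; a missing or malformed policy is caught once at deployment instead of on every request. With the policy resolved from the classpath, the same WAR behaves identically in the IDE and on the application server.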