java - Location of AntiSamy policy file in web project -

-

i'm trying use antisamy prevent xss attacks on site. downloaded following jars , added them "/web-inf/lib"

  • antisamy-1.5.3.jar

  • nekohtml.jar

  • xercesimpl-2.5.0.jar

along policy file antisamy-slashdot-1.4.4.xml in "/web-inf".

i tried implement filter through web.xml. snippet of servlet i'm using is

public class antisamyfilter implements filter {  private static final logger log = logger.getlogger(antisamyfilter.class);  private final antisamy antisamy;  public antisamyfilter() {     try {         url url = this.getclass().getclassloader().getresource("antisamy-slashdot-1.4.4.xml");         log.info("after getresource");         policy policy = policy.getinstance(url.getfile()); //deployment fails         log.info("after policy");         antisamy = new antisamy(policy);         log.info("after antisamy");     } catch (policyexception e) {         throw new illegalstateexception(e.getmessage(), e);     } } }

the deployment fails after policy policy = policy.getinstance(url.getfile());. it's because of path of policy file.

can please tell me policy file should kept?

the url.getfile part fails because couldn't find antisamy-slashdot-1.4.4.xml file. created package in src/my/package , changed

url url = this.getclass().getclassloader().getresource("antisamy-slashdot-1.4.4.xml");

to

url url = this.getclass().getclassloader().getresource("/my/package/antisamy-slashdot-1.4.4.xml");

i added batik.jar along other jar files. solved problem


Comments

Post a Comment

Popular posts from this blog

yii2 - Yii 2 Running a Cron in the basic template -

-
i have seen instructions on running cron in advanced template, cant figure out how on basic template. have following controller in basic controllers folder. <?php namespace app\controllers; use yii\console\controller; /** * cron controller */ class croncontroller extends controller { public function actionindex() { echo "cron service runnning"; } public function actionmail($to) { echo "sending mail " . $to; } } i have navigated root of application , tried these comands yii cron php yii cron im getting unknown comand "cron" i know old question failed find actual answer this. if @ code yii exec file you'll notice requires /common/config/aliases.php file console/config/main.php. can naturally change these or copy on these advanced template. hope solves problem wanting same thing.
Read more

asp.net - 'System.Web.HttpContext' does not contain a definition for 'GetOwinContext' Mystery -

-
i realize question might seem trivial some, it's these types of things find myself fighting quite bit , want make sense of despite seeming losing battle in .net (for me anyway). so, if following: using system.web; ... applicationuser user = system.web.httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); that produces error in title , red getowincontext() , error cannot resolve symbol 'getowincontext()' however, if following (remove system.web in front of httpcontext ), works expected (or @ least no errors): using system.web; ... applicationuser user = httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); however, if (same line that's working using system.web commented out): //using system.web; ... applicationuser user = httpcontext.getowincontext().getusermana...
Read more

wso2esb - How to concatenate JSON array values in WSO2 ESB? -

-
we have json object below, expected result in: "(001),(011),(089),(120)". can suggest how iterate json array , concat values mention . "(001),(011),(089),(120)" thanks in advance. { "element": { "values": { "agentid": "aaaaa", "transactiondata": [ { "no": "001" }, { "no": "011" }, { "no": "089" }, { "no": "120" } ] } } } you can using iterate mediator, filter mediator , properties operation scope. try solution. @ end have (001),(011),(089),(120) value in concat-data property. have added complete proxy reference. <?xml version="1.0" encoding=...
Read more