I'm using AntiSamy with my ColdFusion project. I'm loading AntiSamy through onApplicationStart() like this:

// Only the AntiSamy jar is handed to JavaLoader here.
local.jarsArray =
[
    expandPath("lib/antisami/antisamy-1.4.4.jar")
];
// Path to the policy file that scan() will be given.
application.antiSamiPolicyPath = expandPath("lib/antisami/antisamy-slashdot-1.4.4.xml");

application.javaLoader = createObject("lib.javaloader.JavaLoader").init(local.jarsArray);
application.antiSami = application.javaLoader.create("org.owasp.validator.html.AntiSamy").init();

I can see the AntiSamy object if I dump application.antiSami. However, once I add the following line:

local.result = application.antiSami.scan("some text", application.antiSamiPolicyPath);

I get this generic browser 500 message:

Server Error, HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.

Under the hood, I found this error through CFBuilder:

"Error","web-4","06/14/11","15:27:04","80BBF6B60584F6D148A7DC2A12007C03","org/apache/batik/css/parser/ParseException The specific sequence of files included or processed is: C:\ColdFusion9\wwwroot\gamers\index.cfm, line: 25 "

Any ideas what this error is all about?

Mohamad
  • what's actually on line 25 of gamer/index.cfm? – Stephen Moretti Jun 14 '11 at 19:00
  • @Stephen Moretti, nothing. It's a view template from my framework. I think I might have figured it out: AntiSamy has other dependencies that need to be loaded. The guide I followed, http://blog.pengoworks.com/index.cfm/2008/1/3/Using-AntiSamy-to-protect-your-CFM-pages-from-XSS-hacks - makes no mention of this... but there are three other jars that need to be loaded. I'm about to test this. – Mohamad Jun 14 '11 at 19:18
  • @Stephen Moretti, it was the dependencies. After loading the dependencies everything works as expect. – Mohamad Jun 14 '11 at 19:45

1 Answer

It turns out using AntiSamy requires a certain number of dependencies: batik-css.jar, batik-util.jar, nekohtml.jar, and xercesImpl.jar. Once those are loaded, AntiSamy should work fine, and it does.

Mohamad
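The slash-separated class name in the logged error (org/apache/batik/css/parser/ParseException) is the form the JVM uses when it reports a class it could not load, which matches the answer: the AntiSamy jar was on the JavaLoader classpath but Batik was not. Below is an added example, not the asker's code and not part of AntiSamy or JavaLoader, that wires the whole thing up the way a practitioner would: one CFC that loads AntiSamy 1.4.4 plus the four dependency jars named in the answer, parses the policy once instead of re-reading the XML on every scan() call, and returns both the cleaned markup and the list of things the policy rejected. The directory lib/antisami/, the component path lib.javaloader.JavaLoader, the wrapper name AntiSamyWrapper and the unversioned dependency jar filenames are assumptions for the example.

```cfml
// AntiSamyWrapper.cfc  (added example; not the asker's code or AntiSamy's own)
// Assumed layout: jars under lib/antisami/, JavaLoader at lib.javaloader.JavaLoader.
// Dependency jar filenames are illustrative; use the ones shipped with your 1.4.4 bundle.
component output="false" {

    public AntiSamyWrapper function init(required string libDir, required string policyPath) {
        var jars = [
            expandPath(arguments.libDir & "/antisamy-1.4.4.jar"),
            // Without these four the first scan() fails with a NoClassDefFoundError,
            // which ColdFusion logs as org/apache/batik/css/parser/ParseException.
            expandPath(arguments.libDir & "/batik-css.jar"),
            expandPath(arguments.libDir & "/batik-util.jar"),
            expandPath(arguments.libDir & "/nekohtml.jar"),
            expandPath(arguments.libDir & "/xercesImpl.jar")
        ];
        variables.loader   = createObject("component", "lib.javaloader.JavaLoader").init(jars);
        variables.antiSamy = variables.loader.create("org.owasp.validator.html.AntiSamy").init();

        // Policy.getInstance() is static, so call it on the class proxy without init().
        // Parse the policy XML once at startup and reuse the Policy object per request;
        // passing the file path to scan() makes AntiSamy reparse it on every call.
        variables.policy = variables.loader
            .create("org.owasp.validator.html.Policy")
            .getInstance(expandPath(arguments.policyPath));
        return this;
    }

    // Sanitise untrusted HTML against the loaded policy.
    // Always emit results.clean, never the original input. If results.rejected is true
    // the caller received something the policy removed, which is worth logging.
    public struct function scan(required string tainted) {
        var results = variables.antiSamy.scan(arguments.tainted, variables.policy);
        var errors  = [];
        var msgs    = results.getErrorMessages();   // java.util.ArrayList of strings
        var i       = 0;
        for (i = 1; i <= arrayLen(msgs); i++) {
            arrayAppend(errors, msgs[i]);
        }
        return {
            clean    = results.getCleanHTML(),
            errors   = errors,
            rejected = results.getNumberOfErrors() GT 0
        };
    }
}
```

Wire it up once in Application.cfc's onApplicationStart(), for example `application.sanitizer = createObject("component", "AntiSamyWrapper").init("lib/antisami", "lib/antisami/antisamy-slashdot-1.4.4.xml");`, then in a template use `application.sanitizer.scan(form.comment).clean` for anything that came from a user. The slashdot policy used in the question is one of the most restrictive that ships with AntiSamy; whichever policy you choose, it, not the library, decides which tags and attributes survive, so review it before trusting the output.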