NullPointerException for input string "|<?ai aaa" #62
Comments
|
Hi @eddierock1994, thanks for the analysis. You're right, the problem in removePI is In fact, after analyzing the issue I realized that the line is not even necessary. That's because the previous I've added a unit test with four cases, soon to be uploaded in a PR with the suggested change. To make it easier for everyone to understand the problem (luckily this was not the case) and have a starting point in future reported issues, provide a JUnit test :) |
|
Hi @spassarop will provide a Junit test in the future. Sorry it's my first time logging an issue. |
|
This has been fixed in release 1.5.13 |
|
Thanks for the quick resolution. You guys are great :D |
The code in question gets invoked through ESAPI library so I'm not sure if it has a bearing. But on examination of the method removePI of class AntiSamyDOMScanner, it looks like the node doesn't have any parent node. And so node.getParentNode() creates a null pointer exception. Attaching the stack trace here.
java.lang.NullPointerException
at org.owasp.validator.html.scan.AntiSamyDOMScanner.removePI(AntiSamyDOMScanner.java:689)
at org.owasp.validator.html.scan.AntiSamyDOMScanner.recursiveValidateTag(AntiSamyDOMScanner.java:260)
at org.owasp.validator.html.scan.AntiSamyDOMScanner.processChildren(AntiSamyDOMScanner.java:675)
at org.owasp.validator.html.scan.AntiSamyDOMScanner.processChildren(AntiSamyDOMScanner.java:666)
at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:159)
at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:93)
The text was updated successfully, but these errors were encountered: