xerofun/owaspantisamy

VM Out of Memory error

Closed this issue · 4 comments

What steps will reproduce the problem?
1. Try to clean this: <SCRIPT =">" SRC=""></SCRIPT>

This causes an infinite recursion loop and runs the VM out of memory.

Original issue reported on code.google.com by jason.cl...@gmail.com on 15 Dec 2008 at 9:32

This doesn't appear to work in the latest NekoHTML version 1.9.11 and therefore will be gone by the next minor release. Make sure your NekoHTML is up to date!

Original comment by arshan.d...@gmail.com on 21 Jan 2009 at 7:12

  • Changed state: Fixed

Original comment by arshan.d...@gmail.com on 3 Aug 2009 at 2:45

  • Changed state: Verified

I think this is the same issue, the following string also causes an OutOfMemoryError:

<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>

Here is the stack trace:

java.lang.OutOfMemoryError: Java heap space
    at org.apache.xerces.util.XMLStringBuffer.append(Unknown Source)
    at org.cyberneko.html.HTMLScanner$SpecialScanner.scanCharacters(HTMLScanner.java:3011)
    at org.cyberneko.html.HTMLScanner$SpecialScanner.scan(HTMLScanner.java:2845)
    at org.cyberneko.html.HTMLScanner.scanDocument(HTMLScanner.java:877)
    at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:495)
    at org.cyberneko.html.HTMLConfiguration.parse(HTMLConfiguration.java:448)
    at org.cyberneko.html.parsers.DOMFragmentParser.parse(DOMFragmentParser.java:166)
    at org.owasp.validator.html.scan.AntiSamyDOMScanner.scan(AntiSamyDOMScanner.java:158)
    at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:89)
    at org.owasp.validator.html.AntiSamy.scan(AntiSamy.java:80)

Original comment by lanc...@gmail.com on 8 Sep 2009 at 5:04

Confirmed that upgrading to nekohtml.jar 1.9.13 fixes this.

Original comment by lanc...@gmail.com on 8 Sep 2009 at 5:18
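Since both reports above hinge on which NekoHTML build sits behind AntiSamy, a deployer can verify an upgrade with a bounded regression check that feeds the two reported strings through AntiSamy on a worker thread and treats a timeout or an OutOfMemoryError as a still-affected parser. This is added example code, not from AntiSamy or this thread; it assumes the shipped policy file antisamy-slashdot.xml is on the classpath/working directory and uses a 10-second limit.

```java
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.*;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

public class NekoHtmlHangCheck {
    // The two inputs reported in this thread (copied from the comments above).
    static final List<String> REPORTED_INPUTS = Arrays.asList(
        "<SCRIPT =\">\" SRC=\"\"></SCRIPT>",
        "<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>");

    // Runs one scan on a daemon worker thread. True only if AntiSamy returned a result
    // within the limit; a timeout, or a wrapped OutOfMemoryError/ScanException, means
    // the parser is still affected by the bug from this thread.
    static boolean scansWithinLimit(AntiSamy antiSamy, Policy policy, String input, long limitSeconds) {
        ExecutorService worker = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "antisamy-scan");
            t.setDaemon(true); // a runaway scanner must not keep the JVM alive
            return t;
        });
        try {
            Future<CleanResults> result = worker.submit(() -> antiSamy.scan(input, policy));
            result.get(limitSeconds, TimeUnit.SECONDS);
            return true;
        } catch (TimeoutException | ExecutionException e) {
            return false;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return false;
        } finally {
            worker.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // antisamy-slashdot.xml is one of the policy files shipped with AntiSamy; the path is assumed
        Policy policy = Policy.getInstance("antisamy-slashdot.xml");
        AntiSamy antiSamy = new AntiSamy();
        boolean allOk = true;
        for (String input : REPORTED_INPUTS) {
            boolean ok = scansWithinLimit(antiSamy, policy, input, 10);
            System.out.println((ok ? "PASS " : "HANG/OOM ") + input);
            allOk &= ok;
        }
        System.exit(allOk ? 0 : 1);
    }
}
```

Run it with the nekohtml.jar you intend to deploy on the classpath; a non-zero exit means the scanner did not return in time on one of the reported inputs.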