Status: New
Owner: ----

New issue 83 by brynaryh: DOS vulnerability when using HTML5 Sanitization
http://code.google.com/p/html5lib/issues/detail?id=83

What steps will reproduce the problem?
1. Have an attribute that is configured to use html5lib sanitization
2. Attempt to save the record with the HTML in the attached file

What is the expected output? What do you see instead?
Expected the record would be saved reasonably fast. The ruby process will peg the CPU, and the sanitization will take over 45 minutes, thus potentially downing any site that uses this configuration.

What version of the product are you using? On what operating system?
This occurred in our production environment on Engine Yard, and I also reproduced it locally on: ruby 1.8.6 (2008-03-03 patchlevel 114) [universal-darwin9.0]

Attachments:
bigpost2.txt 37.7 KB

--
You received this message because you are subscribed to the Google Groups "html5lib-discuss" group.