Issue 32 in owasp-java-html-sanitizer: Runtime error loading org/owasp/html/Sanitizers
48 views
Skip to first unread message
owasp-java-h...@googlecode.com
Aug 22, 2014, 9:38:45 AM8/22/14
to owasp-java-html-...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 32 by RKFernan...@gmail.com: Runtime error loading
org/owasp/html/Sanitizers
https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=32
What steps will reproduce the problem?
1. Install from Maven
Source code:
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS); //
error happens here
String safeHTML = policy.sanitize("<table>asdf</table>"); // never gets to
this line
What is the expected output? What do you see instead?
Sanitized output. Getting the following error instead:
Aug 22, 2014 9:28:49 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [Jersey Web Application] in context
with path [/asdf] threw exception
[org.glassfish.jersey.server.ContainerException:
java.lang.NoClassDefFoundError: org/owasp/html/Sanitizers] with root cause
java.lang.NoClassDefFoundError: org/owasp/html/Sanitizers
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)
at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:195)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:387)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:331)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:103)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:297)
at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:254)
at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1028)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:372)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:381)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:344)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:221)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:439)
at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
What version of the product are you using? On what operating system?
OSX 10.9.4 using version r239. Tomcat v7.0.55. Java SE 1.7.0_67.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 32 by RKFernan...@gmail.com: Runtime error loading
org/owasp/html/Sanitizers
https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=32
What steps will reproduce the problem?
1. Install from Maven
Source code:
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS); //
error happens here
String safeHTML = policy.sanitize("<table>asdf</table>"); // never gets to
this line
What is the expected output? What do you see instead?
Sanitized output. Getting the following error instead:
Aug 22, 2014 9:28:49 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [Jersey Web Application] in context
with path [/asdf] threw exception
[org.glassfish.jersey.server.ContainerException:
java.lang.NoClassDefFoundError: org/owasp/html/Sanitizers] with root cause
java.lang.NoClassDefFoundError: org/owasp/html/Sanitizers
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)
at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:195)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:387)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:331)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:103)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:297)
at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:254)
at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1028)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:372)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:381)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:344)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:221)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:439)
at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
What version of the product are you using? On what operating system?
OSX 10.9.4 using version r239. Tomcat v7.0.55. Java SE 1.7.0_67.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
owasp-java-h...@googlecode.com
Aug 22, 2014, 11:40:46 AM8/22/14
to owasp-java-html-...@googlegroups.com
Comment #1 on issue 32 by mikes...@gmail.com: Runtime error loading
org/owasp/html/Sanitizers
https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=32
I can't repeat the problem. It looks like a runtime configuration issue on
your end that's causing the problem before control ever enters sanitizer
code.
owasp-java-h...@googlecode.com
Oct 13, 2014, 6:24:44 PM10/13/14
to owasp-java-html-...@googlegroups.com
Updates:
Status: Invalid
Comment #2 on issue 32 by mikes...@gmail.com: Runtime error loading
org/owasp/html/Sanitizers
https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=32
(No comment was entered for this change.)
Status: Invalid
Comment #2 on issue 32 by mikes...@gmail.com: Runtime error loading
org/owasp/html/Sanitizers
https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=32
(No comment was entered for this change.)
Reply all
Reply to author
Forward
0 new messages