How to ensure that antisamy-esapi.xml is loaded
(Doc ID 1937953.1)
Last updated on NOVEMBER 06, 2023
Applies to:
Oracle WebCenter Sites - Version 11.1.1.6.0 and laterInformation in this document applies to any platform.
Goal
How to prevent these errors
a) at startup time, Sites tries to read antisamy-esapi.xml for the first time and fails, logging:
Not found in 'org.owasp.esapi.resources' directory or file not readable: {sites_installdir}/bin/antisamy-esapi.xml
Not found in SystemResource Directory/resourceDirectory: .esapi/antisamy-esapi.xml
Not found in 'user.home' (/home/webadm) directory: {sites_home_dir}/esapi/antisamy-esapi.xml
b) then on subsequent attempts to read it, the following exception is thrown:
java.lang.NoClassDefFoundError: Could not initialize class
org.owasp.esapi.reference.validation.HTMLValidationRule
at org.owasp.esapi.reference.DefaultValidator.getValidSafeHTML(DefaultValidator.java:337)
at COM.FutureTense.Util.ftUtil.readByteURL(ftUtil.java:755)
This can cause certain tags and code that perform data validation to fail, such as Utilties.ReadURL (bug 18731750)
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |