Type: Bug
Resolution: Unresolved
Priority: Low
Affects Version/s: 9.2.17, 10.2.7
Component/s: Content - Page
Severity 3 - Minor
Problem
Pages fail to load in GUI with EmptyStackException in AntiSamy CDATA parsing
Steps to Reproduce
- Create an empty Confluence page
- Set the body below in the bodycontent table for the page created in the first step.
<h3>Section</h3> <p>Some contnet.<br /> <ac:emoticon ac:name="warning" /> Some more content </p> <p>placeholder...</p> <p>placeholder</p> <h3>placeholder</h3> <p>placeholder: <code>putKeyValue = function(key, value, <ac:link><ri:page ri:content-title="okCallback, errCallback" ri:space-key="TEST" /><ac:plain-text-link-body><![CDATA[okCallback, errCallback]]></ac:plain-text-link-body></ac:link>)</code> </p> <ac:parameter ac:name="title">placeholder</ac:parameter> <ac:parameter ac:name="language">javascript</ac:parameter><ac:plain-text-body> <![CDATA[kvs.putKeyValue("key", "value"); ]]> </ac:plain-text-body> <h3>placeholder</h3> <p>placeholder</p> <p>placeholder <code>getKeyValue = function(key, dataCallback, <ac:link><ri:page ri:content-title="errCallback" ri:space-key="TEST" /><ac:plain-text-link-body><![CDATA[errCallback]]></ac:plain-text-link-body></ac:link>)</code> </p> <ac:parameter ac:name="title">placeholder</ac:parameter> <ac:parameter ac:name="language">javascript</ac:parameter><ac:plain-text-body> <![CDATA[// define the data callback var dataCallback = function(valuestring) { //work with valuestring };// get the value kvs.getKeyValue("key", dataCallback); ]]> </ac:plain-text-body>
- Flush Confluence cache
- Attempt to view the page
Expected Results
Page should be visible.
Actual Results
The export fails and the following message is found in the logs:
2026-03-12 11:32:26,004 ERROR [http-nio-21027-exec-6 url: /c1027/500page.jsp; user: admin] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: 24c144f7-ad7b-49a1-a9c1-0aec26474dda -- traceId: c393fe629cbb7b39
java.lang.RuntimeException: org.owasp.validator.html.ScanException: java.util.EmptyStackException
...
Caused by: org.owasp.validator.html.ScanException: java.util.EmptyStackException
...
Caused by: java.util.EmptyStackException
The above failure is caused by the following block in the storage format:
<ac:parameter ac:name="language">javascript</ac:parameter><ac:plain-text-body> <![CDATA[// define the data callback var dataCallback = function(valuestring) { //work with valuestring };// get the value kvs.getKeyValue("key", dataCallback); ]]> </ac:plain-text-body>
as the antiSamyClean code removes the content from the CDATA element, which causes the EmptyStackException.
Workaround
Change the problematic entry in the body content of the page from:
<ac:parameter ac:name="language">javascript</ac:parameter><ac:plain-text-body> <![CDATA[// define the data callback var dataCallback = function(valuestring) { //work with valuestring };// get the value kvs.getKeyValue("key", dataCallback); ]]> </ac:plain-text-body>
to
<ac:parameter ac:name="language">javascript</ac:parameter><ac:plain-text-body> <code> <![CDATA[// define the data callback var dataCallback = function(valuestring) { //work with valuestring };// get the value kvs.getKeyValue("key", dataCallback); ]]> </code> </ac:plain-text-body>
You can update the page directly in the database using a query like this:
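UPDATE BODYCONTENT
SET BODY = REGEXP_REPLACE(
    BODY,
    -- matches a plain-text-body whose CDATA section directly follows the opening tag
    '<ac:plain-text-body><!\[CDATA\[.*?\]\]></ac:plain-text-body>',
    -- the replacement is the empty string, so each matched block is removed from BODY
    '',
    'gs'
)
WHERE contentid IN ('1212423','1212419');
Change the contentid values in the WHERE clause to the content IDs of the pages you need to fix.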
Please remember to take a backup of your database and Confluence environment before making any changes and test on a staging server first.
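The `<code>` wrap shown in the workaround can also be applied to a body string exported from BODYCONTENT, whereas the UPDATE above substitutes an empty string for the matched block. The following is an added example, not Atlassian's code; the function name, the pattern and the shortened sample body are assumptions made for illustration.

```python
import re

# A CDATA section sitting directly inside <ac:plain-text-body>, with optional
# whitespace around it. The tempered dot stops at the first "]]>" so one match
# can never run across two blocks. <ac:plain-text-link-body> is a different
# element name and is not matched.
BARE_CDATA = re.compile(
    r"(<ac:plain-text-body>)\s*"
    r"(<!\[CDATA\[(?:(?!\]\]>).)*\]\]>)"
    r"\s*(</ac:plain-text-body>)",
    re.DOTALL,
)


def wrap_plain_text_cdata(body):
    """Return (new_body, blocks_changed) with each bare CDATA wrapped in <code>.

    A block that is already wrapped has <code> after the opening tag, so it
    does not match and a second run changes nothing.
    """
    def wrap(match):
        open_tag, cdata, close_tag = match.groups()
        return f"{open_tag} <code> {cdata} </code> {close_tag}"

    return BARE_CDATA.subn(wrap, body)


# Constructed sample, shortened from the storage format quoted in this issue.
SAMPLE = (
    '<p><ac:link><ri:page ri:content-title="errCallback" ri:space-key="TEST" />'
    '<ac:plain-text-link-body><![CDATA[errCallback]]></ac:plain-text-link-body>'
    '</ac:link></p>'
    '<ac:parameter ac:name="language">javascript</ac:parameter><ac:plain-text-body> '
    '<![CDATA[kvs.getKeyValue("key", dataCallback); ]]> </ac:plain-text-body>'
)

if __name__ == "__main__":
    fixed, changed = wrap_plain_text_cdata(SAMPLE)
    print(changed, "block(s) wrapped")
    print(fixed)
```
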
- is related to: CONFSERVER-94930 HTML and PDF space export may fail with EmptyStackException
- Gathering Impact