[OWASP-ESAPI] Possible to merge antisamy with ESAPI?
Jeff Williams
jeff.williams at owasp.org
Mon Jan 21 01:22:06 EST 2008
Hi Vasten,
I'll be delivering them in a single jar as soon as I can figure out how to
get Ant to do that. I don't want people to have to have lots of jar files
on their classpath for this, so I'm going to package everything in a single
jar. However, AntiSamy is a complex OWASP project in its own right, and has
a separate development team.
If your application isn't accepting rich content (like HTML snippets) and
you don't need to sanitize all possible scripts from user input, then you
don't really need AntiSamy. It's only used in one method in the Validator,
and you can comment out that implementation if you like.
--Jeff
From: owasp-esapi-bounces at lists.owasp.org
[mailto:owasp-esapi-bounces at lists.owasp.org] On Behalf Of Vasten
Sent: Monday, January 21, 2008 12:07 AM
To: owasp-esapi at lists.owasp.org
Subject: [OWASP-ESAPI] Possible to merge antisamy with ESAPI?
It seems that to run ESAPI, I need another security component called
antisamy? Is there any plan of merging them together?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20080121/2be86996/attachment.html
More information about the OWASP-ESAPI
mailing list