[Esapi-user] [Esapi-dev] ESAPI Random Number Generation Broken

Kevin W. Wall kevin.w.wall at gmail.com
Tue Jul 1 06:10:54 UTC 2014


On Tue, Jul 1, 2014 at 1:52 AM, Jim Manico <jim.manico at owasp.org> wrote:
> I think Kevin is shifting to the HTML Sanitizer to remove dependencies.
> Kevin?

Well, that was one of my eventual goals for two reasons... one is that
AntiSamy wasn't being actively maintained and I just replaced that in one
of the branches (sorry, don't remember which one and I may not have even
checked it in). The other reason is that there were 2 or 3 dependencies
that were directly sucked in by AntiSamy but not used elsewhere in ESAPI.
Thus replacing AntiSamy with HTML Sanitizer would replace it with
something that was being maintained and also reduce the total # of
dependencies a bit.

And speaking of which, this is something that I figured you might be able to
work on since you are familiar with HTML Sanitizer. The only part that I had
swapped out was the part that was using AntiSamy.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

