[Esapi-user] [Esapi-dev] ESAPI Random Number Generation Broken

Jim Manico jim.manico at owasp.org
Tue Jul 1 09:55:24 UTC 2014


> And speaking of which, this is something that I figured you might be able to work on since you are familiar with HTML Sanitizer. The only part that I had swapped out was the part that was using AntiSamy.

Happy to. Let's talk live after the 4th. My IDE is set up and I've been
going through the code today to get reacquainted - I'm ready to rock.
The HTML sanitizer is a very different design than AntiSamy, let's
talk integration options next week.

I'd also like to expand the Encoder interface and bring in the OWASP
Java Encoder; it's a bit faster and more feature complete for XSS
defense. I'll discuss options with you before doing it.

Cheers Kevin. I'm actually quite stoked to be involved again.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Jul 1, 2014, at 2:10 PM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:
>
>> On Tue, Jul 1, 2014 at 1:52 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> I think Kevin is shifting to the HTML Sanitizer to remove dependencies.
>> Kevin?
>
> Well, that was one of my eventual goals, for two reasons... one is that
> AntiSamy wasn't being actively maintained and I just replaced that in one
> of the branches (sorry, don't remember which one and I may not have even
> checked it in). The other reason is that there were 2 or 3 dependencies
> that were directly sucked in by AntiSamy but not used elsewhere in ESAPI.
> Thus replacing AntiSamy with HTML Sanitizer would replace it with something
> that was being maintained and also reduce the total # of dependencies a bit.
>
> And speaking of which, this is something that I figured you might be able to
> work on since you are familiar with HTML Sanitizer. The only part that I had
> swapped out was the part that was using AntiSamy.
>
> -kevin
> --
> Blog: http://off-the-wall-security.blogspot.com/
> NSA: All your crypto bit are belong to us.
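The thread above touches on two separate XSS defenses that ESAPI would be wiring in: contextual output encoding (the OWASP Java Encoder) for untrusted data that must be displayed as text, and sanitization (the OWASP HTML Sanitizer, the proposed AntiSamy replacement) for user-supplied rich HTML that has to keep some of its markup. The following is an added illustration of that distinction; it is not code from ESAPI, from this thread, or from either library's own documentation. It assumes the `org.owasp.encoder` and `org.owasp.html` artifacts are on the classpath, and the class name, method names and sample inputs are constructed for this example.

```java
// Added example: contextual encoding vs. HTML sanitization (not ESAPI code).
// Assumes OWASP Java Encoder (org.owasp.encoder) and OWASP HTML Sanitizer
// (org.owasp.html) are available on the classpath.
import org.owasp.encoder.Encode;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class XssDefenseExample {

    // Constructed untrusted inputs standing in for request parameters or
    // stored user content. The first is plain text that happens to contain
    // markup; the second is rich text where some tags are legitimately wanted.
    static final String UNTRUSTED_TEXT =
        "<script>alert(1)</script> O'Brien & Co \"quoted\"";
    static final String UNTRUSTED_RICH_HTML =
        "<p onclick=\"evil()\">Hello <b>world</b> "
        + "<a href=\"javascript:evil()\">bad link</a> "
        + "<a href=\"https://owasp.org\">owasp</a></p>";

    // 1. Output encoding: the value is data, never markup. The encoder is
    //    chosen by the context the value lands in, because each context has
    //    its own set of significant characters. Encode.forHtml on its own is
    //    not enough for attribute, JavaScript or URL contexts.
    static String inHtmlBody(String v) {
        return "<span>" + Encode.forHtml(v) + "</span>";
    }

    static String inHtmlAttribute(String v) {
        return "<input type=\"text\" value=\"" + Encode.forHtmlAttribute(v) + "\">";
    }

    static String inJavaScriptString(String v) {
        return "<script>var name = '" + Encode.forJavaScript(v) + "';</script>";
    }

    static String inUrlQuery(String v) {
        return "<a href=\"/search?q=" + Encode.forUriComponent(v) + "\">search</a>";
    }

    // 2. Sanitization: the value is allowed to carry a whitelisted subset of
    //    HTML. The policy is built from the sanitizer's prepackaged policies;
    //    elements and attributes not covered (script, event handlers,
    //    javascript: URLs) are removed rather than encoded, so the remaining
    //    markup still renders as markup.
    static final PolicyFactory RICH_TEXT_POLICY = Sanitizers.FORMATTING
        .and(Sanitizers.BLOCKS)   // p, div, headings, lists...
        .and(Sanitizers.LINKS);   // a[href] restricted to safe schemes

    static String asRichText(String v) {
        return RICH_TEXT_POLICY.sanitize(v);
    }

    public static void main(String[] args) {
        // Encoding: the script tag survives only as inert text in every context.
        System.out.println(inHtmlBody(UNTRUSTED_TEXT));
        System.out.println(inHtmlAttribute(UNTRUSTED_TEXT));
        System.out.println(inJavaScriptString(UNTRUSTED_TEXT));
        System.out.println(inUrlQuery(UNTRUSTED_TEXT));

        // Sanitizing: <p>, <b> and the https link are kept; the onclick
        // handler and the javascript: link are stripped by the policy.
        System.out.println(asRichText(UNTRUSTED_RICH_HTML));
    }
}
```

The point worth keeping in mind when swapping AntiSamy for the HTML Sanitizer is that the two defenses are not interchangeable: sanitization is only appropriate where the application really does want to render user markup, and even then the encoded path should remain the default for every other sink. Tests for the integration should therefore cover both the encoder's per-context methods and the sanitizer policy separately.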

