[Esapi-user] [Esapi-dev] ESAPI Random Number Generation Broken

Kevin W. Wall kevin.w.wall at gmail.com
Tue Jul 1 14:56:31 UTC 2014


No, I had Mike Samuel build me a policy file that emulated the one that
AntiSamy used with ESAPI. It was definitely a pom.xml problem. I had it
working and then broke something somewhere between me removing jars and
trying to add OWASP Dependency Check.

We can discuss in person after you return home and have your IDE configured.

-kevin
Sent from my Droid; please excuse typos.
On Jul 1, 2014 2:15 AM, "Jim Manico" <jim.manico at owasp.org> wrote:

> Kevin,
>
> AntiSamy has XML configuration and HTML Sanitizer has programmatic
> configuration. By itself there is no default policy, could that be causing
> the problems?
>
> - Jim
>
> On 7/1/14, 2:10 PM, Kevin W. Wall wrote:
>
>> On Tue, Jul 1, 2014 at 1:52 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> I think Kevin is shifting to the HTML Sanitizer to remove dependencies.
>>> Kevin?
>>>
>> Well, that was one of my eventual goals for two reasons... one is that
>> AntiSamy wasn't being actively maintained and I just replaced that in one
>> of the branches (sorry, don't remember which one and I may not have even
>> checked it in). The other reason is that there were 2 or 3 dependencies
>> that were directly sucked in by AntiSamy but not used elsewhere in ESAPI.
>> Thus replacing AntiSamy with HTML Sanitizer would replace it with
>> something that was being maintained and also reduce the total # of
>> dependencies a bit.
>>
>> And speaking of which, this is something that I figured you might be able
>> to work on since you are familiar with HTML Sanitizer. The only part that
>> I had swapped out was the part that was using AntiSamy.
>>
>> -kevin
>>
>
>