[Owasp-antisamy] HTML Sanitization (Tidy), Why?

Sam Daoud sam at rinklefree.com
Wed Dec 12 17:15:00 EST 2007


Why does AntiSamy first "clean up" any "broken" HTML before
parsing/validating it? Is there a true technical need, or does it simply make
for easier parsing?
With user-generated content, I want the user to be able to see the exact
same (often malformed) HTML they entered when they go back to edit.

Can AntiSamy, or a similar implementation of AntiSamy, do that while still
effectively protecting against XSS threats?

Thanks a lot,
Sam Daoud
Direct: 650.360.2233
Cell: 650.454.7711
Skype/IM: rtmedia
sam at rinklefree.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20071212/871b1c36/attachment.html 
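Added example, not part of the original message and not AntiSamy's own code (AntiSamy is a Java library; this is Python using only the standard library). It shows the technical reason behind the question: a browser error-corrects malformed markup into a tree before it runs anything, so a sanitizer has to build and inspect the same kind of tree and then serialize it fresh, which is why its output generally cannot be byte-identical to the malformed input. The tiny allowlist policy, the naive string-based filter used for contrast, and the sample inputs are all constructed for this demonstration.

```python
"""Parse-then-serialize allowlist sanitizer vs. a string-based filter.

Added example (not AntiSamy code). Uses only the Python standard library.
The policy, the naive filter and the sample inputs below are constructed
for the demonstration.
"""
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical policy: a tiny allowlist, in the spirit of an AntiSamy policy file.
ALLOWED_TAGS = {"p", "b", "i", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}


def safe_url(value: str) -> bool:
    """Accept only relative, http or https URLs.

    The scheme is checked after the parser has decoded character references
    and after control characters/whitespace are removed, because browsers
    decode 'java&#115;cript:' and tolerate 'java\\tscript:' before dispatching.
    """
    scheme = urlsplit(re.sub(r"[\x00-\x20]", "", value)).scheme.lower()
    return scheme in ("", "http", "https")


class AllowlistSanitizer(HTMLParser):
    """Walk the token stream the way a browser would, keep only allowed
    tags/attributes, and emit a fresh, well-formed serialization."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open = []      # stack of currently open allowed tags
        self.skip = None    # set while inside <script>/<style>, whose text is dropped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip = tag
            return
        if tag not in ALLOWED_TAGS or self.skip:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                      # drops every on* handler, quoted or not
            if name in ("href", "src") and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag != "img":                      # void element: nothing to close
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag == self.skip:
            self.skip = None
            return
        if tag in self.open:                  # close everything opened since, so
            while self.open:                  # misnested input still serializes as a tree
                top = self.open.pop()
                self.out.append(f"</{top}>")
                if top == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

    def close(self):
        super().close()
        while self.open:                      # close tags the author left open
            self.out.append(f"</{self.open.pop()}>")


def sanitize(html: str) -> str:
    p = AllowlistSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out)


# A string-based filter of the kind you would need if the user's bytes had to
# pass through untouched: it never builds a tree, so it never sees what the
# browser's error correction will make of the input.
_NAIVE = [
    re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S),
    re.compile(r"\s+on\w+\s*=\s*\"[^\"]*\"", re.I),   # only catches quoted handlers
    re.compile(r"javascript:", re.I),
]


def naive_strip(html: str) -> str:
    for pat in _NAIVE:
        html = pat.sub("", html)
    return html


# Constructed samples: malformed or obfuscated in ways browsers tolerate.
UNQUOTED_HANDLER = "<img src=x onerror=alert(1)>"
ENCODED_SCHEME = '<a href="java&#115;cript:alert(1)">click</a>'
MISNESTED = "<b>bold <i>both</b> italic</i>"

if __name__ == "__main__":
    for sample in (UNQUOTED_HANDLER, ENCODED_SCHEME, MISNESTED):
        print("naive:", naive_strip(sample))
        print("tree: ", sanitize(sample))
```

The first two samples pass the string filter unchanged and would execute in a browser; the tree sanitizer drops the unquoted handler and the entity-encoded scheme because it decodes attributes the same way the browser does. The third sample is harmless, but the re-serialized output differs from what the user typed, which is the trade-off the question is about: if the original text has to be shown back verbatim in the editor, keep the raw submission separately and run the sanitizer on render, rather than expecting the sanitizer's output to preserve it.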
