[Owasp-antisamy] HTML Sanitization (Tidy), Why?

Jim Manico jim at manico.net
Wed Dec 12 21:10:43 EST 2007


Sam,

If you can find a solution for fixing broken HTML and making it compliant 
XHTML while still meeting the original designer's intent and exact look 
and feel on all major browsers, let me know so I can invest in your 
company! I think what you are describing is nearly impossible - without 
changing the intention and rendering of the original mark-up - 
especially when you get into complex rich-client code.

Please, anyone, correct me if I'm wrong...

- Jim

Sam Daoud wrote:
> Hello,
>
> Why does anti-samy first "clean up" any "broken" HTML before 
> parsing/validating it? Is there a true technical need or does it 
> simply make for easier parsing?
> With user generated content, I want the user to be able to see the 
> same exact (often malformed) HTML they used in entry when they go back 
> to edit.
>
> Can anti-samy or a similar implementation of anti-samy do that while 
> still effectively protecting against XSS threat?
>
> Thanks a lot,
> --
> Sam Daoud
> Direct: 650.360.2233
> Cell: 650.454.7711
> Skype/IM: rtmedia
> sam at rinklefree.com <mailto:sam at rinklefree.com>
> http://www.RinkleFree.com

-- 
Best Regards,
Jim Manico
VP Software Engineering, Codemagi Inc.
Application Security Instructor, Aspect Security
jim at codemagi.com
808.652.3805 (c)
484.259.3805 (f)
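Added example, not AntiSamy code and not from either poster: a minimal parse-and-reserialize sanitizer on Python's standard-library HTML parser, illustrating the point of this thread. Because the output is rebuilt from the parser's events rather than copied from the input, unclosed or mis-nested tags come back well-formed and the original malformed text cannot round-trip byte for byte; the tag/attribute allowlist and the names CanonicalSanitizer and sanitize are this example's own.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist policy, constructed for this example (not AntiSamy's policy file).
ALLOWED_TAGS = {"b", "i", "p", "a"}
ALLOWED_ATTRS = {"a": {"href"}}

class CanonicalSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # fragments rebuilt from parse events, never raw input bytes
        self.stack = []      # open allowed tags, closed in LIFO order
        self.dropping = 0    # >0 inside <script>/<style>, whose content is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.dropping += 1
        if tag not in ALLOWED_TAGS or self.dropping:
            return
        kept = ""
        for name, value in attrs:
            if (value is None or name not in ALLOWED_ATTRS.get(tag, ())
                    or (name == "href" and urlparse(value).scheme not in ("http", "https"))):
                continue  # event handlers, unknown attributes and non-web links are dropped
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.dropping = max(0, self.dropping - 1)
        elif tag in self.stack:
            while (open_tag := self.stack.pop()) != tag:  # close mis-nested children first
                self.out.append(f"</{open_tag}>")
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))

    def close(self):
        super().close()
        self.out.extend(f"</{t}>" for t in reversed(self.stack))  # close what was left open
        return "".join(self.out)

def sanitize(fragment: str) -> str:
    parser = CanonicalSanitizer()
    parser.feed(fragment)
    return parser.close()
```

Feeding `<b>bold <i>italic</b> tail` yields `<b>bold <i>italic</i></b> tail`, so an editor that reloads the sanitized value shows the normalized markup, not what the user typed.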
