[Owasp-antisamy] SAX-based AntiSamy

Lars Trieloff lars at trieloff.net
Wed Sep 17 14:15:25 EDT 2008


Hi,

in the comments to my patch you mentioned a threat modeling you have
to conduct. Any status updates on this side?

regards,

Lars

On Mon, Jul 7, 2008 at 1:38 PM, Lars Trieloff <lars at trieloff.net> wrote:
> Hi,
>
> I've created a patch that implements the scanning logic in a SAX
> filter: http://code.google.com/p/owaspantisamy/issues/detail?id=16
>
>
> now I am looking to use it in the AntiSamy facade and in the DOM-based
> scanner to have only one implementation of the filtering logic and to
> make use of the performance benefits wherever possible. My questions
> is how important  the availability of the returned DOM Fragment is,
> because I would like to drop this part or add parse it only when
> requested.
>
> regards,
>
> Lars
>


More information about the Owasp-antisamy mailing list