[Owasp-antisamy] Help wanted with SAX patch
Arshan Dabirsiaghi
arshan.dabirsiaghi at aspectsecurity.com
Mon Aug 3 02:51:37 EDT 2009
All,
Is anybody with experience in Java SAX processing willing to help me diagnose Lars' patch [1] to refactor AntiSamy to use, well, SAX? I'm afraid I've always been more of a DOM guy, but I don't want his good work to go to waste and I want to enable any users who need to maximize AntiSamy performance.
Because I'm not a nuanced expert, I can't commit a patch that looks good to me. Aside from that, the patch is a little out of date now, and it would need a smart person to help update it.
On top of this, our test case coverage is good for making sure the patch wouldn't open up security bugs or cause regression, but it's not so good at making sure legit user input still gets through. I bring that up because this will only decrease my confidence that we're moving in the right direction. Because SAX isn't linear, it is, to me, harder to think through from end to end.
Thoughts?
Arshan
[1] http://code.google.com/p/owaspantisamy/issues/detail?id=16