[Owasp-antisamy] Help wanted with SAX patch
arshan.dabirsiaghi at aspectsecurity.com
Mon Aug 3 02:51:37 EDT 2009
Is anybody with experience in Java SAX processing willing to help me diagnose Lars' patch  to refactor AntiSamy to use, well, SAX? I'm afraid I've always been more of a DOM guy, but I don't want his good work to go to waste and I want to enable any users who need to maximize AntiSamy performance.
Because I'm not a nuanced expert, I can't commit a patch that looks good to me. Aside from that, the patch is a little out of date now, and it would need a smart person to help update it.
On top of this, our test case coverage is good for making sure the patch wouldn't open up security bugs or cause regression, but it's not so good at making sure legit user input still gets through. I bring that up because this will only decrease my confidence that we're moving in the right direction. Because SAX isn't linear it is, to me, harder to think through from end-to-end.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-antisamy