[Owasp-antisamy] Help wanted with SAX patch

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Mon Aug 3 02:51:37 EDT 2009

Is anybody with experience in Java SAX processing willing to help me diagnose Lars' patch [1] to refactor AntiSamy to use, well, SAX? I'm afraid I've always been more of a DOM guy, but I don't want his good work to go to waste and I want to enable any users who need to maximize AntiSamy performance.
Because I'm not a nuanced expert, I can't commit a patch that looks good to me. Aside from that, the patch is a little out of date now, and it would need a smart person to help update it.
On top of this, our test case coverage is good for making sure the patch wouldn't open up security bugs or cause regression, but it's not so good at making sure legit user input still gets through. I bring that up because this will only decrease my confidence that we're moving in the right direction. Because SAX isn't linear it is, to me, harder to think through from end-to-end.
[1] http://code.google.com/p/owaspantisamy/issues/detail?id=16
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20090803/85bfc88a/attachment.html 

More information about the Owasp-antisamy mailing list