[Owasp-antisamy] AntiSamy versus ESAPI?

Jim Manico jim at manico.net
Tue Aug 4 19:10:31 EDT 2009

On ESAPI, AntiSamy, and Input Validation.

When accepting HTML from a user that you then need to render, use AntiSamy to set a policy for what HTML you accept as input from users. Some also use AntiSamy as an "output policy checker" for HTML output that came from other users.

Use ESAPI's validation for pretty much all else.

If you need to do secure file upload, that is a WAY more complex issue that ESAPI only partially addresses, currently.

- Jim
  ----- Original Message ----- 
  From: Joanne Sun 
  To: owasp-antisamy at lists.owasp.org 
  Sent: Tuesday, August 04, 2009 11:49 AM
  Subject: [Owasp-antisamy] AntiSamy versus ESAPI?


  Can anybody point a similar page


  to use AntiSamy for XSS prevention? All the rules in the page use ESAPI.

  Can you tell me when to use AntiSamy, when to use ESAPI?




  Owasp-antisamy mailing list
  Owasp-antisamy at lists.owasp.org
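
The split described in the reply above, as an added example that is not part of the original e-mail and not code from either project: user-supplied HTML goes through an AntiSamy policy scan, and a plain text field goes through ESAPI's validator. The class name, field name, length limit, policy file path and sample input are assumptions, as is an ESAPI configuration on the classpath that defines the "SafeString" validation type.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class CommentInput {
    // Assumption: the application ships its own AntiSamy policy at this path.
    private static final String POLICY_FILE = "antisamy-policy.xml";

    /** Rich-text field: HTML is expected, so filter it against the policy. */
    static String cleanHtml(String userHtml) throws PolicyException, ScanException {
        Policy policy = Policy.getInstance(POLICY_FILE);
        CleanResults results = new AntiSamy().scan(userHtml, policy);
        if (results.getNumberOfErrors() > 0) {
            // Each message names a tag or attribute the policy rejected.
            System.err.println("AntiSamy policy violations: " + results.getErrorMessages());
        }
        // Only markup permitted by the policy survives.
        return results.getCleanHTML();
    }

    /** Plain field: no HTML expected, so validate against a whitelist pattern. */
    static String validDisplayName(String name)
            throws ValidationException, IntrusionException {
        // Arguments: context (for logging), input, validation type from
        // validation.properties, maximum length, allowNull.
        return ESAPI.validator().getValidInput("displayName", name, "SafeString", 50, false);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for the two kinds of field.
        String body = "<p>Hello <b>world</b><script>alert(1)</script></p>";
        String name = "Joanne Sun";

        System.out.println("clean body: " + cleanHtml(body));
        System.out.println("valid name: " + validDisplayName(name));
    }
}
```

What the cleaned body looks like depends entirely on the policy file: a policy that does not list `script` drops that element and keeps the tags it does list.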