[Owasp-antisamy] Upgrading NekoHTML?

Dan Rabe dan.rabe at oracle.com
Thu Dec 24 13:16:36 EST 2009


Just curious if anyone has looked at using AntiSamy with the latest 
NekoHTML? AntiSamy is using 1.9.11; the latest NekoHTML is 1.9.13. In 
general I like to use the latest libraries available, but I noticed that 
upgrading the NekoHTML jar results in more failures in AntiSamyTest (in 
both 1.3 and current). I also have an example of HTML generated by Word 
2007 (when you copy a fragment from a Word document) that results in a 
stack overflow in NekoHTML 1.9.13, but not 1.9.11. But then I look at 
the changelog for NekoHTML and see that they've fixed some fairly 
serious bugs (like an infinite loop). All things considered, a 
StackOverflowError is easier to live with than an infinite loop!

Thanks,
--Dan
 


More information about the Owasp-antisamy mailing list