[Owasp-antisamy] AntiSamy 1.4.1 released (into Maven!)
arshan.dabirsiaghi at aspectsecurity.com
Thu Jun 10 22:11:23 EDT 2010
We kind of skipped 1.4. Here are the highlights:
1. Full Maven support. Here's an example dependency:
2. SAX support:
Calls like AntiSamy.scan(String,Policy) become
AntiSamy.scan(String,Policy,AntiSamy.SAX). Default still uses DOM.
Consider the SAX version really promising but still 10% experimental.
All test cases pass, but security isn't all about test cases.
3. New directives:
validateParamAsEmbed - as discussed previously on this list. When set to
true, lets you validate <param> tags in ways you couldn't before.
noFollowAnchors - when set to true, adds a rel="nofollow" to anchor tags
that pass validation.
Details all on http://i8jesus.com/?p=112. As always, we appreciate your
feedback, bug reports, and patches.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-antisamy