[Owasp-antisamy] AntiSamy 1.4.1 released (into Maven!)

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Thu Jun 10 22:11:23 EDT 2010


We kind of skipped 1.4. Here are the highlights:

 

1. Full Maven support. Here's an example dependency:

 

<dependency>

  <groupId>org.owasp.antisamy</groupId>

  <artifactId>antisamy</artifactId>

  <version>1.4.1</version>

</dependency>

 

2. SAX support:

 

Calls like AntiSamy.scan(String,Policy) become
AntiSamy.scan(String,Policy,AntiSamy.SAX). Default still uses DOM.
Consider the SAX version really promising but still 10% experimental.
All test cases pass, but security isn't all about test cases.

 

3. New directives:

 

validateParamAsEmbed - as discussed previously on this list. When set to
true, lets you validate <param> tags in ways you couldn't before.

noFollowAnchors - when set to true, adds a rel="nofollow" to anchor tags
that pass validation.

 

Details all on http://i8jesus.com/?p=112. As always, we appreciate your
feedback, bug reports, and patches.

 

Cheers,

Arshan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20100610/710ab2d9/attachment.html 


More information about the Owasp-antisamy mailing list