[Owasp-antisamy] AntiSamy 1.4.1 released (into Maven!)

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Mon Jun 14 16:06:26 EDT 2010


By the way, for all you non-Maven folks, we deployed the new source,
binaries and policy files to the Google Code downloads page:

 

http://code.google.com/p/owaspantisamy/downloads/list

 

Thanks,

Arshan

 

 

From: Arshan Dabirsiaghi 
Sent: Thursday, June 10, 2010 10:11 PM
To: owasp-antisamy at lists.owasp.org
Subject: AntiSamy 1.4.1 released (into Maven!)

 

We kind of skipped 1.4. Here are the highlights:

 

1. Full Maven support. Here's an example dependency:

 

<dependency>

  <groupId>org.owasp.antisamy</groupId>

  <artifactId>antisamy</artifactId>

  <version>1.4.1</version>

</dependency>

 

2. SAX support:

 

Calls like AntiSamy.scan(String,Policy) become
AntiSamy.scan(String,Policy,AntiSamy.SAX). Default still uses DOM.
Consider the SAX version really promising but still 10% experimental.
All test cases pass, but security isn't all about test cases.

 

3. New directives:

 

validateParamAsEmbed - as discussed previously on this list. When set to
true, lets you validate <param> tags in ways you couldn't before.

noFollowAnchors - when set to true, adds a rel="nofollow" to anchor tags
that pass validation.

 

Details all on http://i8jesus.com/?p=112. As always, we appreciate your
feedback, bug reports, and patches.

 

Cheers,

Arshan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20100614/57c18786/attachment.html 


More information about the Owasp-antisamy mailing list