[owasp-antisamy] Using Antisamy in URL validation

Jason Li jason.li at owasp.org
Tue May 10 14:27:01 EDT 2011


Mogare,

AntiSamy policy files are available here:
http://code.google.com/p/owaspantisamy/downloads/list

The AntiSamy Project is meant to validate user generated rich text (HTML)
input against a whitelist specification of safe HTML elements in order to
prevent cross-site scripting. It does not provide any other type of
validation. Depending on your use case, AntiSamy may or may not be
appropriate for your requirements.

You will need to identify the parameter you wish to validate and pass that
parameter value into the AntiSamy scanner. For example, assuming the
parameter containing user generated rich text input was named "inputHtml",
AntiSamy can be invoked as follows:

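import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

// Policy.getInstance() and scan() throw checked exceptions
// (PolicyException, ScanException) that the caller must handle.
String dirtyInput = request.getParameter("inputHtml");
Policy policy = Policy.getInstance(INSERT_YOUR_POLICY_FILE_LOCATION);
AntiSamy as = new AntiSamy(policy);
CleanResults cr = as.scan(dirtyInput);
String cleanInput = cr.getCleanHTML();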

Again, note that AntiSamy is not a universal validator - its specific use
case is to validate user generated rich text input.

-Jason

On Tue, May 10, 2011 at 9:13 AM, Mogare Amey <Amey.Mogare at atosorigin.com> wrote:

>  Hi,
>
>
>
> I want to use Antisamy API to clean URL parameters.
>
>
>
> I read the details on
> https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
>
> And downloaded “antisamy-1.4.4.jar” and imported in my java class.
>
>
>
> I don’t know how to download the base policy file mentioned in the above URL. Where
> do I get it?
>
>
>
> Can you please help me in achieving my requirement?
>
>
>
> Which method should I use to clean URL parameters?
>
>
>
> Thank you.
>
>
>
> With warm regards,
>
> *Amey Mogare*
>
> *Atos Origin India | SAP NetWeaver/ EP/ Web Dynpro | Nessie NDC :
> Production Line - SAP | Email : Amey.mogare at atosorigin.com | Office :
> +91-22-6733-3732 | Mobile : +91-9820-303-464***
>
>
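
An added example, not part of the original message or of the AntiSamy project's code: it applies the scan described above to a rich-text value, fails closed on scanner errors, and handles a non-HTML parameter with its own type-specific check, since AntiSamy performs no other kind of validation. The class name, the numeric "id" parameter and its pattern are assumptions made for illustration; the policy file location is passed in by the caller.

```java
import java.util.regex.Pattern;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class InputHandling {
    // Hypothetical allow-list for a numeric "id" parameter (assumption, not from the thread).
    private static final Pattern ID = Pattern.compile("[0-9]{1,10}");

    private final AntiSamy antiSamy;

    public InputHandling(String policyFileLocation) throws PolicyException {
        // Load the policy once instead of re-parsing the XML file on every request.
        this.antiSamy = new AntiSamy(Policy.getInstance(policyFileLocation));
    }

    /** Rich-text (HTML) parameter: sanitize against the policy's allow-list. */
    public String cleanRichText(String dirtyInput) {
        if (dirtyInput == null) {
            return "";
        }
        try {
            CleanResults cr = antiSamy.scan(dirtyInput);
            if (cr.getNumberOfErrors() > 0) {
                // Something was removed or rewritten; record it for review.
                System.err.println("AntiSamy modified input: " + cr.getErrorMessages());
            }
            return cr.getCleanHTML();
        } catch (PolicyException | ScanException e) {
            return ""; // fail closed: never fall back to the unsanitized value
        }
    }

    /** Non-HTML parameter: AntiSamy does not apply; validate by expected type. */
    public String requireId(String value) {
        if (value == null || !ID.matcher(value).matches()) {
            throw new IllegalArgumentException("invalid id parameter");
        }
        return value;
    }

    public static void main(String[] args) throws PolicyException {
        InputHandling h = new InputHandling(args[0]); // path to your policy file
        // Constructed sample inputs.
        System.out.println(h.cleanRichText("<b>hello</b><script>alert(1)</script>"));
        System.out.println(h.requireId("42"));
    }
}
```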