[owasp-antisamy] DOM vs SAX, empty elements

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Mon Jun 25 16:47:07 UTC 2012

In the short term (next few releases), I'm definitely aiming for the
different engines' outputs to be effectively synchronous as opposed to
literally synchronous. In the long term, I'm more interested in
deprecating the DOM engine entirely because the performance is worse and
it doubles our maintenance costs.


-----Original Message-----
From: owasp-antisamy-bounces at lists.owasp.org
[mailto:owasp-antisamy-bounces at lists.owasp.org] On Behalf Of Dan Rabe
Sent: Monday, June 25, 2012 12:24 PM
To: owasp-antisamy at lists.owasp.org
Subject: [owasp-antisamy] DOM vs SAX, empty elements

I thought I remembered seeing some discussion of this before, but I
can't find it at the moment, so my apologies if this has already been
covered somewhere.

For the input document "<p></p>", the DOM parser returns an empty
string, but the SAX parser returns "<p></p>". I'm not sure which should
be considered "right", but I was wondering if the difference in behavior
was a known issue, and if so, are there plans to resolve it?


Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org

More information about the Owasp-antisamy mailing list