[OWASP-ESAPI] antisamy and esapi

Joanne Sun joannehsun at gmail.com
Tue Aug 4 17:43:12 EDT 2009


Thanks for your fast reply. I read the link again but I am still not
clear.
For preventing XSS, all the rules in

http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

use ESAPI as the example, and

http://www.owasp.org/index.php/How_to_perform_HTML_entity_encoding_in_Java

did not mention AntiSamy.

So AntiSamy is better than ESAPI or the opposite? It seems AntiSamy is good
at preventing CSRF from a slide
http://www.owasp.org/images/e/e9/OWASP-WASCAppSec2007SanJose_AntiSamy.ppt.

If we got the license of AntiSamy, that is not enough to use ESAPI? But the
other direction is ok?
Thanks,

On Tue, Aug 4, 2009 at 2:19 PM, Chris Schmidt <chrisisbeef at gmail.com> wrote:

> Also,
>
> ESAPI uses AntiSamy to validate HTML in the reference implementation
>
> org.owasp.esapi.reference.validation.HTMLValidationRule
>
> On Tue, 2009-08-04 at 10:51 -1000, Jim Manico wrote:
> > Does this help at all?
> >
> >
> http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#What_is_it.3F
> >
> >         ----- Original Message -----
> >         From: Joanne Sun
> >         To: OWASP-ESAPI at lists.owasp.org
> >         Sent: Monday, August 03, 2009 8:39 PM
> >         Subject: [OWASP-ESAPI] antisamy and esapi
> >
> >
> >         Hello,
> >
> >         Could you please tell me what is the relation between Antisamy
> >         and ESAPI? Which I should use for my java ee project?
> >
> >         Thank you!
> >
> >         Joanne
> >
> >         ______________________________________________________________
> >
> >         _______________________________________________
> >         OWASP-ESAPI mailing list
> >         OWASP-ESAPI at lists.owasp.org
> >         https://lists.owasp.org/mailman/listinfo/owasp-esapi
>
>