[Owasp-leaders] AntiSamy

Jim Manico jim.manico at owasp.org
Sun Feb 3 17:46:12 UTC 2013


I'm very excited to see the AntiSamy projects recent update! Nice work,
folks.

https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project

*****

After over a year, version 1.5 is finally released!

This version requires java 1.5.

1.5 promises to be significantly faster than previous releases; your
mileage will vary anything from just some percent to a full 5 times faster,
depending on use cases. A lot of attention has been put to typical "server"
validation cases in this release.

The DOM parser is still the fastest by a clear margin if you do a lot of
parameter validation (short strings). If you additionally only use AntiSamy
to avoid malicious data the DOM parser will be even faster if you avoid
calling CleanResults#getCleanHTML

We also fixed issue 133, 135, 147 & 121. Nekohtml has also been upgraded to
avoid all sorts of interesting OOME's and
stack overflows. Also, this version no longer depends on xercesImpl,
avoiding a whole bunch of interesting conflicts.

The internal interfaces have changed quite significantly; the external
interfaces have very minor changes that should not affect most users.

Enjoy !

Kristian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130203/66dd37c8/attachment.html>


More information about the OWASP-Leaders mailing list