[Owasp-leaders] AntiSamy

Jason Johnson jason.johnson at owasp.org
Sun Feb 3 17:59:57 UTC 2013


I am aswell, is the .NET project still needing attention or is the MS
version superseded. We could improve on it?

Thoughts?
On Feb 3, 2013 11:44 AM, "Jim Manico" <jim.manico at owasp.org> wrote:

>  I'm very excited to see the AntiSamy projects recent update! Nice work,
> folks.
>
> https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
>
> *****
>
> After over a year, version 1.5 is finally released!
>
> This version requires java 1.5.
>
> 1.5 promises to be significantly faster than previous releases; your
> mileage will vary anything from just some percent to a full 5 times faster,
> depending on use cases. A lot of attention has been put to typical "server"
> validation cases in this release.
>
> The DOM parser is still the fastest by a clear margin if you do a lot of
> parameter validation (short strings). If you additionally only use AntiSamy
> to avoid malicious data the DOM parser will be even faster if you avoid
> calling CleanResults#getCleanHTML
>
> We also fixed issue 133, 135, 147 & 121. Nekohtml has also been upgraded to
> avoid all sorts of interesting OOME's and
> stack overflows. Also, this version no longer depends on xercesImpl,
> avoiding a whole bunch of interesting conflicts.
>
> The internal interfaces have changed quite significantly; the external
> interfaces have very minor changes that should not affect most users.
>
> Enjoy !
>
> Kristian
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130203/a21bccda/attachment-0001.html>


More information about the OWASP-Leaders mailing list