[Owasp-leaders] AntiSamy

Jason Johnson jason.johnson at owasp.org
Sun Feb 3 18:16:07 UTC 2013


I noticed and I agree, most of the devs I know do not validate. I think that if I can show the benefits of this it could be adopted as a standard federally. AntiSamy as a whole, not just the .NET.

Jason
On Feb 3, 2013, at 12:12 PM, Jim Manico wrote:

> The Microsoft AntiXSS .NET function that provides HTML validation does not provide advanced policy configuration like AntiSamy.
> 
> So while I think most .NET coders will use the default API (at best), I do think a .NET AntiSamy is still important.
> 
> My 2 cents,
> Jim
> 
> 
> 
>> I am as well, is the .NET project still needing attention or is the MS
>> version superseded. We could improve on it?
>> 
>> Thoughts?
>> On Feb 3, 2013 11:44 AM, "Jim Manico" <jim.manico at owasp.org> wrote:
>> 
>>> I'm very excited to see the AntiSamy project's recent update! Nice work,
>>> folks.
>>> 
>>> https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
>>> 
>>> *****
>>> 
>>> After over a year, version 1.5 is finally released!
>>> 
>>> This version requires Java 1.5.
>>> 
>>> 1.5 promises to be significantly faster than previous releases; your
>>> mileage will vary anything from just some percent to a full 5 times faster,
>>> depending on use cases. A lot of attention has been put to typical "server"
>>> validation cases in this release.
>>> 
>>> The DOM parser is still the fastest by a clear margin if you do a lot of
>>> parameter validation (short strings). If you additionally only use AntiSamy
>>> to avoid malicious data the DOM parser will be even faster if you avoid
>>> calling CleanResults#getCleanHTML
>>> 
>>> We also fixed issue 133, 135, 147 & 121. Nekohtml has also been upgraded to
>>> avoid all sorts of interesting OOME's and
>>> stack overflows. Also, this version no longer depends on xercesImpl,
>>> avoiding a whole bunch of interesting conflicts.
>>> 
>>> The internal interfaces have changed quite significantly; the external
>>> interfaces have very minor changes that should not affect most users.
>>> 
>>> Enjoy !
>>> 
>>> Kristian