[Owasp-leaders] AntiSamy

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Mon Feb 4 15:10:59 UTC 2013


Yep. I'd gladly take any name recommendations off-list.

On 2/3/13 7:05 PM, "Ryan Barnett" <ryan.barnett at owasp.org> wrote:

>Anyone ever consider a project name change here?  Veterans of the
>webappsec realm remember what Samy did and its wake-up call but the
>project's name doesn't make it quickly clear to newcomers.
>
>If you are going for wider adoption it is something to consider.
>
>--
>Ryan Barnett
>
>
>On Feb 3, 2013, at 1:16 PM, Jason Johnson <jason.johnson at owasp.org> wrote:
>
>> I noticed and I agree, most of the devs I know do not validate. I think
>> that if I can show the benefits of this it could be adopted as a
>> standard federally. AntiSamy as a whole, not just the .NET.
>> 
>> Jason
>> On Feb 3, 2013, at 12:12 PM, Jim Manico wrote:
>> 
>>> The Microsoft AntiXSS .NET function that provides HTML validation does
>>> not provide advanced policy configuration like AntiSamy.
>>> 
>>> So while I think most .NET coders will use the default API (at best),
>>> I do think a .NET AntiSamy is still important.
>>> 
>>> My 2 cents,
>>> Jim
>>> 
>>> 
>>> 
>>>> I am as well, is the .NET project still needing attention or is the MS
>>>> version superseded. We could improve on it?
>>>> 
>>>> Thoughts?
>>>> On Feb 3, 2013 11:44 AM, "Jim Manico" <jim.manico at owasp.org> wrote:
>>>> 
>>>>> I'm very excited to see the AntiSamy project's recent update! Nice
>>>>> work, folks.
>>>>> 
>>>>> https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
>>>>> 
>>>>> *****
>>>>> 
>>>>> After over a year, version 1.5 is finally released!
>>>>> 
>>>>> This version requires Java 1.5.
>>>>> 
>>>>> 1.5 promises to be significantly faster than previous releases; your
>>>>> mileage will vary anything from just some percent to a full 5 times
>>>>> faster, depending on use cases. A lot of attention has been put to
>>>>> typical "server" validation cases in this release.
>>>>> 
>>>>> The DOM parser is still the fastest by a clear margin if you do a
>>>>> lot of parameter validation (short strings). If you additionally only
>>>>> use AntiSamy to avoid malicious data the DOM parser will be even
>>>>> faster if you avoid calling CleanResults#getCleanHTML.
>>>>> 
>>>>> We also fixed issues 133, 135, 147 & 121. NekoHTML has also been
>>>>> upgraded to avoid all sorts of interesting OOMEs and stack overflows.
>>>>> Also, this version no longer depends on xercesImpl, avoiding a whole
>>>>> bunch of interesting conflicts.
>>>>> 
>>>>> The internal interfaces have changed quite significantly; the
>>>>> external interfaces have very minor changes that should not affect
>>>>> most users.
>>>>> 
>>>>> Enjoy!
>>>>> 
>>>>> Kristian
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders