| what
|
is this project?
|
| Name: OWASP Java HTML Sanitizer (home page)
|
Purpose:
- This is a fast Java-based HTML Sanitizer which provides XSS protection.
- This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization.
- The existing dependencies are on guava and JSR 305. The other jars are only needed by the unittests. The JSR 305 dependency is a compile-only dependency, only needed for annotations.
- This code provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode
- Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config.
- It does not suffer from the various security flaws that the Niko HTML parser brought with it
- Actively maintained by myself and Mike Samuel from Google's AppSec team
- Already passing 80% of AntiSamy's unit tests *plus many more*.
- Only 3 dependent jar files
- This is a pure Java 6 project and does not support Java 5 or below ( Please note AntiSamy supports 1.4+ ).
|
| License: New BSD License
|
| who
|
is working on this project?
|
| Project Leader(s):
|
| how
|
can you learn more?
|
| Project Pamphlet: Not Yet Created
|
| Project Presentation:
|
| Mailing list: Mailing List Archives
|
| Project Roadmap: View
|
| Main links:
|
| Key Contacts
|
|
|
|
