(5 intermediate revisions by one other user not shown) |
Line 1: |
Line 1: |
− | [[Category:OWASP_AntiSamy_Project]]
| |
| | | |
− | = Building AntiSamy (Java) =
| |
− |
| |
− | AntiSamy is extremely easy to build. In order to start playing with the source, follow these simple instructions.
| |
− |
| |
− | == How to get started ==
| |
− | 1. Install [http://www.eclipse.org Eclipse IDE]. Any version from 3.0 on should be fine.
| |
− | 2. Make sure the "Ant" plugin is installed.
| |
− | 3. Checkout the latest source from SVN. The instructions for how to do so are located on its home in [http://code.google.com/p/owaspantisamy/source/checkout Google Code]. Mind what
| |
− | directory you check out the HEAD revision to, as that will be needed later.
| |
− | 4. Go to File->New->Java Project
| |
− | 5a. Under project name, enter "AntiSamy", or whatever you'd like. Under
| |
− | 5b. Under "Contents", choose the "Create project from existing source" radio button and enter the directory that you remembered from step 3.
| |
− | 6. Hit "Finish"
| |
− |
| |
− | All the source should build automatically out of the box after the project is created. If "Build Automatically" is turned off, you may have to manually compile the source.
| |
− |
| |
− | == Test Case Coverage ==
| |
− |
| |
− | AntiSamy Java has a number of test cases which are broken down into essentially two categories. There are a number of XSS and presentation layer attacks in the first category which help developers make sure they don't introduce any vulnerabilities, and a number of test cases to confirm that previously reported issues no longer exist or have not been resurrected. They are labeled in [http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/AntiSamyTest.java AntiSamyTest.java] ([http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/?r=84 org.owasp.validator.html.test]), which is available inside the Test source tree.
| |
− |
| |
− | Depending on which version of NekoHTML is being used in the nightly build, you will either get 100% or just less in test case coverage. Details about the failing test cases (which are crashes from a 3rd party library) can be found in the Google Code [http://code.google.com/p/owaspantisamy/issues/detail?id=12 issue tracker].
| |
− |
| |
− | = Developing AntiSamy (Java) =
| |
− |
| |
− | If you're interested in submitting patches, feel free to submit them to the Google Code issues page or e-mail them to the mailing list. There are a few principles we look at when considering patches to AntiSamy:
| |
− |
| |
− | * security
| |
− | * performance
| |
− | * simplicity
| |
− |
| |
− | There are about 7 contributors to the Java version, and we would appreciate as many as we can get!
| |
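Review bot: every line in this hunk is a removal, from the `[[Category:OWASP_AntiSamy_Project]]` tag at the top through the "Developing AntiSamy (Java)" section, and the right-hand column shows no replacement text, so the page ends up blank and out of the project category. If the content moved, leave a redirect or a one-line pointer to the new location and say so in the edit summary; with 5 intermediate revisions not shown, this view gives a reader no way to tell where it went. The removed text also carries material worth preserving wherever it now lives: the description of the two test-case categories in AntiSamyTest.java (XSS and presentation-layer attacks, plus regression tests for previously reported issues), the note that the NekoHTML version determines whether coverage is 100% or just less (issue 12), and the patch criteria of security, performance and simplicity. If it is carried over, fix step 5a, which stops at "Under", and rejoin the step 3 sentence that is split after "Mind what".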