This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Projects/OWASP Java HTML Sanitizer Project"

From OWASP
Jump to: navigation, search
Line 7: Line 7:
 
| project_description =  
 
| project_description =  
 
*Fast Java-based HTML Sanitizer which provides XSS protection.
 
*Fast Java-based HTML Sanitizer which provides XSS protection.
*The existing dependencies are on guava and JSR 305. The other jars are only needed by the unittests. The JSR 305 dependency is a compile-only dependency, only needed for annotations.  
+
*This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization.
 +
*This code provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode
 +
*Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config.
 +
*It does not suffer from the various security flaws that the Niko HTML parser brought with it
 +
*Actively maintained by myself and Mike Samuel from Google's AppSec team
 +
*Already passing 80% of AntiSamy's unit tests *plus many more*.
 +
* Only 3 dependent jar files
 +
*This is a pure Java 6 project and does not support Java 5 or below ( Please note AntiSamy supports 1.4+ ).
 +
 
  
 
| project_license = [http://www.opensource.org/licenses/bsd-license.php New BSD License]
 
| project_license = [http://www.opensource.org/licenses/bsd-license.php New BSD License]

Revision as of 19:40, 16 March 2011

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Java HTML Sanitizer (home page)
Purpose:
  • Fast Java-based HTML Sanitizer which provides XSS protection.
  • This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization.
  • This code provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode
  • Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config.
  • It does not suffer from the various security flaws that the Niko HTML parser brought with it
  • Actively maintained by myself and Mike Samuel from Google's AppSec team
  • Already passing 80% of AntiSamy's unit tests *plus many more*.
  • Only 3 dependent jar files
  • This is a pure Java 6 project and does not support Java 5 or below ( Please note AntiSamy supports 1.4+ ).
License: New BSD License
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
For more information goto https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project.
last reviewed release
Not Yet Reviewed


other releases