This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Projects/OWASP Java HTML Sanitizer Project

From OWASP

Revision as of 18:37, 30 August 2013 by Jmanico (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Project Info
Questions

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: OWASP Java HTML Sanitizer (home page)
Purpose: The OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS. This code was written with security best practices in mind, has an extensive test suite, and has undergone adversarial security review https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules. The existing dependencies are on guava and JSR 305. The JSR 305 dependency is a compile-only dependency, only needed for annotations. The other jars are only needed by the unittests. Provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode. Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config. Actively maintained by Mike Samuel from Google's AppSec team! Passing 95+% of AntiSamy's unit tests plus many more. This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization. Java 1.5+
License: New BSD License
who	is working on this project?
Project Leader(s): Mike Samuel @ Jim Manico @
how	can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links: https://code.google.com/p/owasp-java-html-sanitizer/ http://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven
Key Contacts
Contact Mike Samuel @ to contribute to this project Contact Mike Samuel @ to review or sponsor this project

current release

For more information goto https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project.
last reviewed release
Not Yet Reviewed

other releases

How was this project tested?
- This code was written with security best practices in mind, has an extensive test suite, and has undergone adversarial security review.
How is this project deployed?
- This project is best deployed through Maven https://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven

Retrieved from "https://wiki.owasp.org/index.php?title=Projects/OWASP_Java_HTML_Sanitizer_Project&oldid=157577"