This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AntiSamy Version Differences"
From OWASP
(creating comparison matrix for antisamy java vs .net) |
m (fixing horizontal alignment of right columns) |
||
Line 1: | Line 1: | ||
This page shows the different AntiSamy features and whether or not its available in a given port.<br> | This page shows the different AntiSamy features and whether or not its available in a given port.<br> | ||
− | {| width="828" cellspacing="3" cellpadding="3" border="1" align="left | + | {| width="828" cellspacing="3" cellpadding="3" border="1" align="left" summary="Shows the capability and feature differences amongst AntiSamy versions." style="" |
|+ AntiSamy Feature Comparison<br> | |+ AntiSamy Feature Comparison<br> | ||
|- | |- | ||
Line 9: | Line 9: | ||
|- | |- | ||
| align="left" | '''Safely parses HTML'''<br>''Does this version of AntiSamy allow users to provide HTML input that will filter out any dangerous data, including any JavaScript?''<br> | | align="left" | '''Safely parses HTML'''<br>''Does this version of AntiSamy allow users to provide HTML input that will filter out any dangerous data, including any JavaScript?''<br> | ||
− | | Yes<br> | + | | align="center" | Yes<br> |
− | | Yes<br> | + | | align="center" | Yes<br> |
|- | |- | ||
− | | align="left" | '''Can parse and validate CSS instead of removing it'''<br>''Does this version of AntiSamy allow users to provide cascading style sheets as well as HTML without accepting any dangerous data that could allow phishing or other visual attacks?''<br> | + | | align="left" | '''Can parse and validate CSS instead of removing it'''<br>''Does this version of AntiSamy allow users to provide cascading style sheets as well as HTML without accepting any dangerous data that could allow phishing or other visual attacks?''<br> |
− | | Yes<br> | + | | align="center" | Yes<br> |
− | | Yes<br> | + | | align="center" | Yes<br> |
|- | |- | ||
− | | align="left" | '''XHTML support'''<br>''Does this version of AntiSamy allow developers to specify whether or not output should be in XHTML form?''<br> | + | | align="left" | '''XHTML support'''<br>''Does this version of AntiSamy allow developers to specify whether or not output should be in XHTML form?''<br> |
− | | Yes<br> | + | | align="center" | Yes<br> |
− | | No<br> | + | | align="center" | No<br> |
|- | |- | ||
− | | align="left" | '''Can specify if doctype is wanted'''<br>''Does this version of AntiSamy allow users to optionally add a doctype declaration to all output?''<br> | + | | align="left" | '''Can specify if doctype is wanted'''<br>''Does this version of AntiSamy allow users to optionally add a doctype declaration to all output?''<br> |
− | | Yes<br> | + | | align="center" | Yes<br> |
− | | No<br> | + | | align="center" | No<br> |
|- | |- | ||
− | | align="left" | '''Can embed remote stylesheets (with timeout?)'''<br>''During CSS validation, can offsite stylesheets with fully-qualified URLs be downloaded and validated automatically?'' | + | | align="left" | '''Can embed remote stylesheets (with timeout?)'''<br>''During CSS validation, can offsite stylesheets with fully-qualified URLs be downloaded and validated automatically?'' |
− | | Yes<br> | + | | align="center" | Yes<br> |
− | | No<br> | + | | align="center" | No<br> |
|- | |- | ||
− | | align="left" | '''Can pretty-print output'''<br>''Does this version of AntiSamy have the capability of automatically formatting output?'' | + | | align="left" | '''Can pretty-print output'''<br>''Does this version of AntiSamy have the capability of automatically formatting output?'' |
− | | Yes<br> | + | | align="center" | Yes<br> |
− | | No<br> | + | | align="center" | No<br> |
|- | |- | ||
− | | align="left" | '''Can properly validate <embed> arguments in both <param> and attribute form?'''<br>''Does this version of AntiSamy process object parameters as attributes of <embed> or as nested <param> tags seamlessly?'' | + | | align="left" | '''Can properly validate <embed> arguments in both <param> and attribute form?'''<br>''Does this version of AntiSamy process object parameters as attributes of <embed> or as nested <param> tags seamlessly?'' |
− | | Yes<br> | + | | align="center" | Yes<br> |
− | | No<br> | + | | align="center" | No<br> |
|} | |} | ||
<br> | <br> |
Revision as of 00:40, 20 October 2009
This page shows the different AntiSamy features and whether or not its available in a given port.
Feature |
AntiSamy (Java) |
AntiSamy (.NET) |
---|---|---|
Safely parses HTML Does this version of AntiSamy allow users to provide HTML input that will filter out any dangerous data, including any JavaScript? |
Yes |
Yes |
Can parse and validate CSS instead of removing it Does this version of AntiSamy allow users to provide cascading style sheets as well as HTML without accepting any dangerous data that could allow phishing or other visual attacks? |
Yes |
Yes |
XHTML support Does this version of AntiSamy allow developers to specify whether or not output should be in XHTML form? |
Yes |
No |
Can specify if doctype is wanted Does this version of AntiSamy allow users to optionally add a doctype declaration to all output? |
Yes |
No |
Can embed remote stylesheets (with timeout?) During CSS validation, can offsite stylesheets with fully-qualified URLs be downloaded and validated automatically? |
Yes |
No |
Can pretty-print output Does this version of AntiSamy have the capability of automatically formatting output? |
Yes |
No |
Can properly validate <embed> arguments in both <param> and attribute form? Does this version of AntiSamy process object parameters as attributes of <embed> or as nested <param> tags seamlessly? |
Yes |
No |