This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AntiSamy Version Differences

From OWASP
Revision as of 00:38, 20 October 2009 by Arshan (talk | contribs) (creating comparison matrix for antisamy java vs .net)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This page shows the different AntiSamy features and whether or not its available in a given port.

AntiSamy Feature Comparison
Feature
AntiSamy (Java)
AntiSamy (.NET)
Safely parses HTML
Does this version of AntiSamy allow users to provide HTML input that will filter out any dangerous data, including any JavaScript?
Yes
Yes
Can parse and validate CSS instead of removing it
Does this version of AntiSamy allow users to provide cascading style sheets as well as HTML without accepting any dangerous data that could allow phishing or other visual attacks?
Yes
Yes
XHTML support
Does this version of AntiSamy allow developers to specify whether or not output should be in XHTML form?
Yes
No
Can specify if doctype is wanted
Does this version of AntiSamy allow users to optionally add a doctype declaration to all output?
Yes
No
Can embed remote stylesheets (with timeout?)
During CSS validation, can offsite stylesheets with fully-qualified URLs be downloaded and validated automatically?
Yes
No
Can pretty-print output
Does this version of AntiSamy have the capability of automatically formatting output?
Yes
No
Can properly validate <embed> arguments in both <param> and attribute form?
Does this version of AntiSamy process object parameters as attributes of <embed> or as nested <param> tags seamlessly?
Yes
No