This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP AntiSamy Project .Java"
m (creating java page for AntiSamy project) |
(adding building and developing information for AntiSamy) |
||
| Line 1: | Line 1: | ||
[[Category:OWASP_AntiSamy_Project]] | [[Category:OWASP_AntiSamy_Project]] | ||
| + | |||
| + | = Building AntiSamy (Java) = | ||
| + | |||
| + | AntiSamy is extremely easy to build. In order to start playing with the source, follow these simple instructions. | ||
| + | |||
| + | == How to get started == | ||
| + | 1. Install [http://www.eclipse.org Eclipse IDE]. Any version from 3.0 on should be fine. | ||
| + | 2. Make sure the "Ant" plugin is installed. | ||
| + | 3. Checkout the latest source from SVN. The instructions for how to do so are located on its home in [http://code.google.com/p/owaspantisamy/source/checkout Google Code]. Mind what | ||
| + | directory you check out the HEAD revision to, as that will be needed later. | ||
| + | 4. Go to File->New->Java Project | ||
| + | 5a. Under project name, enter "AntiSamy", or whatever you'd like. Under | ||
| + | 5b. Under "Contents", choose the "Create project from existing source" radio button and enter the directory that you remembered from step 3. | ||
| + | 6. Hit "Finish" | ||
| + | |||
| + | All the source should build automatically out of the box after the project is created. If "Build Automatically" is turned off, you may have to manually compile the source. | ||
| + | |||
| + | == Test Case Coverage == | ||
| + | |||
| + | AntiSamy Java has a number of test cases which are broken down into essentially two categories. There are a number of XSS and presentation layer attacks in the first category which help developers make sure they don't introduce any vulnerabilities, and a number of test cases to confirm that previously reported issues no longer exist or have not been resurrected. They are labeled in [http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/AntiSamyTest.java AntiSamyTest.java] ([http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/?r=84 org.owasp.validator.html.test]), which is available inside the Test source tree. | ||
| + | |||
| + | Depending on which version of NekoHTML is being used in the nightly build, you will either get 100% or just less in test case coverage. Details about the failing test cases (which are crashes from a 3rd party library) can be found in the Google Code [http://code.google.com/p/owaspantisamy/issues/detail?id=12 issue tracker]. | ||
| + | |||
| + | = Developing AntiSamy (Java) = | ||
| + | |||
| + | If you're interested in submitting patches, feel free to submit them to the Google Code issues page or e-mail them to the mailing list. There are a few principles we look at when considering patches to AntiSamy: | ||
| + | |||
| + | * security | ||
| + | * performance | ||
| + | * simplicity | ||
| + | |||
| + | There are about 7 contributors to the Java version, and we would appreciate as many as we can get! | ||
Revision as of 04:45, 20 January 2009
Building AntiSamy (Java)
AntiSamy is extremely easy to build. In order to start playing with the source, follow these simple instructions.
How to get started
1. Install Eclipse IDE. Any version from 3.0 on should be fine. 2. Make sure the "Ant" plugin is installed. 3. Checkout the latest source from SVN. The instructions for how to do so are located on its home in Google Code. Mind what directory you check out the HEAD revision to, as that will be needed later. 4. Go to File->New->Java Project 5a. Under project name, enter "AntiSamy", or whatever you'd like. Under 5b. Under "Contents", choose the "Create project from existing source" radio button and enter the directory that you remembered from step 3. 6. Hit "Finish"
All the source should build automatically out of the box after the project is created. If "Build Automatically" is turned off, you may have to manually compile the source.
Test Case Coverage
AntiSamy Java has a number of test cases which are broken down into essentially two categories. There are a number of XSS and presentation layer attacks in the first category which help developers make sure they don't introduce any vulnerabilities, and a number of test cases to confirm that previously reported issues no longer exist or have not been resurrected. They are labeled in AntiSamyTest.java (org.owasp.validator.html.test), which is available inside the Test source tree.
Depending on which version of NekoHTML is being used in the nightly build, you will either get 100% or just less in test case coverage. Details about the failing test cases (which are crashes from a 3rd party library) can be found in the Google Code issue tracker.
Developing AntiSamy (Java)
If you're interested in submitting patches, feel free to submit them to the Google Code issues page or e-mail them to the mailing list. There are a few principles we look at when considering patches to AntiSamy:
* security * performance * simplicity
There are about 7 contributors to the Java version, and we would appreciate as many as we can get!
This category currently contains no pages or media.
