
Difference between revisions of "Category:OWASP AntiSamy Project .Java"

(adding information about building from POM)
(Delete this page.)
 
(2 intermediate revisions by one other user not shown)
[[Category:OWASP_AntiSamy_Project]]
 
  
= Building AntiSamy (Java) =
 
 
AntiSamy is extremely easy to build. In order to start playing with the source, follow these simple instructions.
 
 
== How to get started ==
 
1. Install [http://www.eclipse.org Eclipse IDE]. Any version from 3.0 on should be fine.
 
2. Make sure the "Ant" plugin is installed.
 
3. Check out the latest source from SVN. The instructions for how to do so are located on its home in [http://code.google.com/p/owaspantisamy/source/checkout Google Code]. Mind what local directory you check out the HEAD revision to, as that will be needed later. Make sure you also select the "Java/current" directory so that you only get the Java version of AntiSamy!
 
4. Go to File->New->Java Project
 
5a. Under project name, enter "AntiSamy", or whatever you'd like.
 
5b. Under "Contents", choose the "Create project from existing source" radio button and enter the directory that you remembered from step 3.
 
6. Hit "Finish"
 
 
All the source should build automatically out of the box after the project is created. If "Build Automatically" is turned off, you may have to manually compile the source.
 
 
To generate the jar, javadocs, or other distributions, load the build.xml inside the project root into the Ant plugin and select your desired build target, such as "jar".
 
 
== Building from Maven ==
 
 
It's possible to build AntiSamy directly through Maven.
 
 
- The POM file is located at http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/pom.xml
 
- There is a source and binary snapshot at http://antisamy.happyfern.com/maven2-snapshot/
 
- To generate a source JAR (along with the binary), add the following snippet to the <build> tag of the POM: (thanks to thiaghop!)
 
 
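<pre>
<!-- Place inside <build><plugins>. LATEST floats to the newest release at build time; pin an explicit version for reproducible builds. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-source-plugin</artifactId>
  <version>LATEST</version>
  <executions>
    <execution>
      <id>attach-sources</id>
      <goals>
        <goal>jar</goal>
      </goals>
    </execution>
  </executions>
</plugin>
</pre>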
 
 
== Test Case Coverage ==
 
 
AntiSamy Java has a number of test cases which are broken down into essentially two categories. There are a number of XSS and presentation layer attacks in the first category which help developers make sure they don't introduce any vulnerabilities, and a number of test cases to confirm that previously reported issues no longer exist or have not been resurrected. They are labeled in [http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/AntiSamyTest.java AntiSamyTest.java] ([http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/?r=84 org.owasp.validator.html.test]), which is available inside the Test source tree.
 
 
Depending on which version of NekoHTML is being used in the nightly build, you will get either 100% or slightly less in test case coverage. Details about the failing test cases (which are crashes from a third-party library) can be found in the Google Code [http://code.google.com/p/owaspantisamy/issues/detail?id=12 issue tracker].
 
 
= Developing AntiSamy (Java) =
 
 
If you're interested in submitting patches, feel free to submit them to the Google Code issues page or e-mail them to the mailing list. There are a few principles we look at when considering patches to AntiSamy:
 
 
* security
 
* performance
 
* simplicity
 
 
There are about 7 contributors to the Java version, and we would appreciate as many as we can get!
 

Latest revision as of 22:08, 13 May 2019
