
Category:OWASP AntiSamy Project .Java

From OWASP
Revision as of 04:50, 20 January 2009 by Arshan (talk | contribs) (How to get started)



Building AntiSamy (Java)

AntiSamy is extremely easy to build. In order to start playing with the source, follow these simple instructions.

How to get started

1. Install Eclipse IDE. Any version from 3.0 on should be fine.
2. Make sure the "Ant" plugin is installed.
3. Check out the latest source from SVN. The instructions for doing so are on the project's home page in Google Code. Note which local
   directory you check out the HEAD revision to, as that will be needed later. Make sure you also select the "Java/current"
   directory so that you only get the Java version of AntiSamy!
4. Go to File->New->Java Project
5a. Under project name, enter "AntiSamy", or whatever you'd like.
5b. Under "Contents", choose the "Create project from existing source" radio button and enter the directory that you remembered from
    step 3.
6. Hit "Finish"

All the source should build automatically out of the box after the project is created. If "Build Automatically" is turned off, you may have to manually compile the source.

To generate the jar, javadocs, or other distributions, load the build.xml inside the project root into the Ant plugin and select your desired build target, such as "jar".

Test Case Coverage

AntiSamy Java has a number of test cases, which fall into essentially two categories. The first category contains XSS and presentation-layer attacks, which help developers make sure they don't introduce any vulnerabilities. The second contains test cases that confirm previously reported issues no longer exist and have not been resurrected. They are labeled in AntiSamyTest.java (org.owasp.validator.html.test), which is available inside the Test source tree.

Depending on which version of NekoHTML is being used in the nightly build, test case coverage will be either 100% or just under. Details about the failing test cases (which are crashes from a third-party library) can be found in the Google Code issue tracker.
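For contributors adding a case to either category, the following is an added example, not code from AntiSamyTest.java or the project. It scans constructed inputs and checks that a forbidden marker does not survive sanitization, counting a parser crash as a failure. The policy file path, class name and inputs are assumptions; the AntiSamy jar must be on the classpath.

```java
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

public class SanitizerRegressionExample {

    // Assumption: path to a policy file in your checkout; adjust as needed.
    private static final String POLICY_FILE = "antisamy.xml";

    // Constructed inputs: { label, tainted input, marker that must not survive }.
    // The "regression" entry is illustrative, not a real reported issue.
    private static final String[][] CASES = {
        { "attack: script tag", "<b>hi</b><script>alert(1)</script>", "<script" },
        { "attack: event handler", "<img src=\"a.png\" onerror=\"alert(1)\">", "onerror" },
        { "regression: mixed-case tag", "<ScRiPt>alert(1)</sCrIpT>", "<script" },
    };

    /** Returns how many cases left the forbidden marker in the output or crashed. */
    static int run(AntiSamy antiSamy, Policy policy) {
        int failures = 0;
        for (String[] c : CASES) {
            try {
                CleanResults results = antiSamy.scan(c[1], policy);
                // Compare case-insensitively so mixed-case markup cannot slip through.
                String clean = results.getCleanHTML().toLowerCase();
                if (clean.contains(c[2])) {
                    failures++;
                    System.out.println("FAIL " + c[0] + ": marker survived -> " + clean);
                } else {
                    System.out.println("ok   " + c[0]);
                }
            } catch (Exception e) {
                // A crash in the parser or scanner is a failed test, not a pass.
                failures++;
                System.out.println("FAIL " + c[0] + ": " + e);
            }
        }
        return failures;
    }

    public static void main(String[] args) throws Exception {
        Policy policy = Policy.getInstance(POLICY_FILE);
        int failures = run(new AntiSamy(), policy);
        System.out.println(failures + " of " + CASES.length + " cases failed");
        System.exit(failures == 0 ? 0 : 1);
    }
}
```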

Developing AntiSamy (Java)

If you're interested in submitting patches, feel free to submit them to the Google Code issues page or e-mail them to the mailing list. There are a few principles we look at when considering patches to AntiSamy:

* security
* performance 
* simplicity

There are about 7 contributors to the Java version, and we would appreciate as many as we can get!
