Category:OWASP AntiSamy Project .Java

= Building AntiSamy (Java) =

AntiSamy is extremely easy to build. In order to start playing with the source, follow these simple instructions.

How to get started
1. Install Eclipse IDE. Any version from 3.0 on should be fine. 2. Make sure the "Ant" plugin is installed. 3. Checkout the latest source from SVN. The instructions for how to do so are located on its home in Google Code. Mind what directory you check out the HEAD revision to, as that will be needed later. 4. Go to File->New->Java Project 5a. Under project name, enter "AntiSamy", or whatever you'd like. Under 5b. Under "Contents", choose the "Create project from existing source" radio button and enter the directory that you remembered from step 3. 6. Hit "Finish"

All the source should build automatically out of the box after the project is created. If "Build Automatically" is turned off, you may have to manually compile the source.

Test Case Coverage
AntiSamy Java has a number of test cases which are broken down into essentially two categories. There are a number of XSS and presentation layer attacks in the first category which help developers make sure they don't introduce any vulnerabilities, and a number of test cases to confirm that previously reported issues no longer exist or have not been resurrected. They are labeled in AntiSamyTest.java (org.owasp.validator.html.test), which is available inside the Test source tree.

Depending on which version of NekoHTML is being used in the nightly build, you will either get 100% or just less in test case coverage. Details about the failing test cases (which are crashes from a 3rd party library) can be found in the Google Code issue tracker.

= Developing AntiSamy (Java) =

If you're interested in submitting patches, feel free to submit them to the Google Code issues page or e-mail them to the mailing list. There are a few principles we look at when considering patches to AntiSamy:

* security * performance * simplicity

There are about 7 contributors to the Java version, and we would appreciate as many as we can get!