Difference between revisions of "Projects/OWASP Java HTML Sanitizer Project"

From OWASP
Jump to: navigation, search
m
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Project About
+
==== Project Info ====
 +
 
 +
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
  
 
| project_name = OWASP Java HTML Sanitizer
 
| project_name = OWASP Java HTML Sanitizer
Line 6: Line 8:
  
 
| project_description =  
 
| project_description =  
*This is a fast Java-based HTML Sanitizer which provides XSS protection.
+
*The OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
*This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization.
+
*This code was written with security best practices in mind, has an extensive test suite, and has undergone adversarial security review [https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules].
*The existing dependencies are on guava and JSR 305. The other jars are only needed by the unittests. The JSR 305 dependency is a compile-only dependency, only needed for annotations.  
+
*The existing dependencies are on guava and JSR 305. The JSR 305 dependency is a compile-only dependency, only needed for annotations. The other jars are only needed by the unittests.  
*This code provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode
+
*Provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode.
 
*Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config.
 
*Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config.
*It does not suffer from the various security flaws that the Niko HTML parser brought with it
+
*Actively maintained by Mike Samuel from Google's AppSec team!
*Actively maintained by myself and Mike Samuel from Google's AppSec team
+
*Passing 95+% of AntiSamy's unit tests plus many more.
*Already passing 80% of AntiSamy's unit tests *plus many more*.
+
*This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization.
* Only 3 dependent jar files
+
*Java 1.5+
*This is a pure Java 6 project and does not support Java 5 or below ( Please note AntiSamy supports 1.4+ ).
+
 
+
  
 
| project_license = [http://www.opensource.org/licenses/bsd-license.php New BSD License]
 
| project_license = [http://www.opensource.org/licenses/bsd-license.php New BSD License]
  
| leader_name1 = Jim Manico
+
| leader_name1 = Mike Samuel
| leader_email1 = jim.manico@owasp.org
+
| leader_email1 = msamuel@google.com
| leader_username1 = Jmanico
+
| leader_username1 =
 +
 
 +
| leader_name2 = Jim Manico
 +
| leader_email2 = jim@owasp.org
 +
| leader_username2 = jmanico
  
 
| contributor_name[1-10] =  
 
| contributor_name[1-10] =  
Line 38: Line 42:
 
| links_url1 = https://code.google.com/p/owasp-java-html-sanitizer/
 
| links_url1 = https://code.google.com/p/owasp-java-html-sanitizer/
 
| links_name1 = https://code.google.com/p/owasp-java-html-sanitizer/
 
| links_name1 = https://code.google.com/p/owasp-java-html-sanitizer/
 +
| links_url2 = http://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven
 +
| links_name2 = http://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven
  
| links_url2 =
+
| release_1 = Release_v135
| links_name2 =
+
 
+
| release_1 = We are currently at Alpha right now - but will be production ready and soon.
+
 
| release_2 =  
 
| release_2 =  
 
| release_3 =
 
| release_3 =
 
| release_4 =
 
| release_4 =
 +
<!--- The line below is for GPC usage only. Please do not edit it --->
 +
| project_about_page = Projects/OWASP Java HTML Sanitizer Project
 +
 
}}
 
}}
 +
 +
==== Questions ====
 +
 +
*How was this project tested?
 +
**This code was written with security best practices in mind, has an extensive test suite, and has undergone [https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules adversarial security review].
 +
*How is this project deployed?
 +
**This project is best deployed through Maven [https://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven https://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven]
 +
__NOTOC__ <headertabs /> <br>

Revision as of 23:44, 28 December 2012

Project Info

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Java HTML Sanitizer (home page)
Purpose:
  • The OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
  • This code was written with security best practices in mind, has an extensive test suite, and has undergone adversarial security review https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules.
  • The existing dependencies are on guava and JSR 305. The JSR 305 dependency is a compile-only dependency, only needed for annotations. The other jars are only needed by the unittests.
  • Provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode.
  • Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config.
  • Actively maintained by Mike Samuel from Google's AppSec team!
  • Passing 95+% of AntiSamy's unit tests plus many more.
  • This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization.
  • Java 1.5+
License: New BSD License
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Mike Samuel @ to contribute to this project
  • Contact Mike Samuel @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
For more information goto https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project.
last reviewed release
Not Yet Reviewed


other releases

Questions