Difference between revisions of "Projects/OWASP Java HTML Sanitizer Project"

Jump to: navigation, search
m (Questions)
(Project Info)
Line 45: Line 45:
| links_name2 = http://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven
| links_name2 = http://code.google.com/p/owasp-java-html-sanitizer/wiki/Maven
| release_1 = We are currently at Alpha right now - but will be production ready and soon.
| release_1 = Releases/Release_v135
| release_2 =  
| release_2 =  
| release_3 =
| release_3 =

Revision as of 23:40, 28 December 2012

Project Info

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Java HTML Sanitizer (home page)
  • The OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
  • This code was written with security best practices in mind, has an extensive test suite, and has undergone adversarial security review https://code.google.com/p/owasp-java-html-sanitizer/wiki/AttackReviewGroundRules.
  • The existing dependencies are on guava and JSR 305. The JSR 305 dependency is a compile-only dependency, only needed for annotations. The other jars are only needed by the unittests.
  • Provides 4X the speed of AntiSamy sanitization in DOM mode and 2X the speed of AntiSamy in SAX mode.
  • Very easy to use. It allows for simple programmatic POSITIVE policy configuration (see below). No XML config.
  • Actively maintained by Mike Samuel from Google's AppSec team!
  • Passing 95+% of AntiSamy's unit tests plus many more.
  • This is code from the Caja project that was donated by Google. It is rather high performance and low memory utilization.
  • Java 1.5+
License: New BSD License
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Mike Samuel @ to contribute to this project
  • Contact Mike Samuel @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
For more information goto https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project.
last reviewed release
Not Yet Reviewed

other releases