Channa,
Are there new tests that you want me to do around the new approach? Or
can I do a regression run over the same functionality?
Yumani
Channa Gunawardena wrote:
Hi All,
I've taken out the basic and restrictive JavaScript sanitation I had
used for bio and comments earlier, and provided a sanitizeHtml method
in the MashupUtils class which actually wraps AntiSamy
(http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project), a
profile-based HTML sanitation tool, which is BSD licensed.
This was pretty much the best sanitation tool I found out there with
the features and license we need. All the dependent jars it added to
our distro are Apache licensed, but it does add 3 jars, along with
its own code, for a total of 468K. Seems pretty big just to sanitize
HTML, but with AntiSamy we (and any ultimate user) can change the
policy XML file in the config directory to make the sanitation as open
or as paranoid as necessary.
If the increase in download size seems too large and the solution
seems to be overkill, we can actually remove AntiSamy and implement
our own Java-based logic in the sanitizeHtml method, but I personally
would prefer to stay with this.
Bye,
Channa.
_______________________________________________
Mashup-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
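
An added illustration of the kind of policy-driven wrapper the message describes, not the Mashup Server's actual MashupUtils code. The class name HtmlSanitizer, the policy file path taken from the command line, and the fail-closed behaviour are assumptions; it needs the AntiSamy jar and one of its policy XML files on hand.

```java
import java.io.File;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/** Hypothetical wrapper (assumed name); not the project's MashupUtils. */
public final class HtmlSanitizer {
    private final Policy policy;                     // parsed once, reused for every scan
    private final AntiSamy antiSamy = new AntiSamy();

    /** @param policyFile AntiSamy policy XML; its location is an assumption here. */
    public HtmlSanitizer(File policyFile) throws PolicyException {
        this.policy = Policy.getInstance(policyFile);
    }

    /** Returns markup filtered by the policy; fails closed if the scan cannot complete. */
    public String sanitizeHtml(String untrusted) {
        if (untrusted == null || untrusted.isEmpty()) {
            return "";
        }
        try {
            CleanResults results = antiSamy.scan(untrusted, policy);
            if (results.getNumberOfErrors() > 0) {
                // Each message names something the policy removed or rewrote.
                System.err.println("sanitizeHtml: " + results.getErrorMessages());
            }
            return results.getCleanHTML();
        } catch (ScanException | PolicyException e) {
            // Never fall back to the raw input: an unscanned bio or comment is dropped.
            System.err.println("sanitizeHtml: scan failed: " + e.getMessage());
            return "";
        }
    }

    public static void main(String[] args) throws PolicyException {
        HtmlSanitizer sanitizer = new HtmlSanitizer(new File(args[0]));
        // Constructed sample input: benign markup mixed with script content.
        String comment = "<b>Nice mashup!</b><script>alert(1)</script>"
                + "<a href=\"javascript:alert(2)\">link</a>";
        System.out.println(sanitizer.sanitizeHtml(comment));
    }
}
```

How much of the sample markup survives depends entirely on the policy file supplied, which is the tuning point the message refers to.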