
OWASP Enterprise Security API

Posted by songoku 
OWASP Enterprise Security API
July 16, 2011 06:42AM

hi you compare Html Purifier with OWASP AntiSammy, but not with OWASP Enterprise Security API. what's the deal? are these not the same things, HtmlPurifier and OWASP Enterprise Security API?

Re: OWASP Enterprise Security API
July 17, 2011 09:36AM

It's been a while since I've looked at OWASP. Where do they describe their implementation of HTML sanitization?

Re: OWASP Enterprise Security API
July 17, 2011 06:21PM

hi

i'm not sure i can answer you because i have yet to understand the OWASP solution to sanitation. but there appears to be something pointing that way, brought to my attention by this post:

http://jackwillk.blogspot.com/2010_06_01_archive.html

Re: OWASP Enterprise Security API
July 17, 2011 07:06PM

I suspect HTML Purifier is not really comparable to this. If I have some free time I'll do some spelunking.

Re: OWASP Enterprise Security API
August 05, 2011 11:58PM

regarding the OWASP API, it is an escaping library. the website below distinguishes filtering and escaping, and the API is an escaping library and HTMLPurifier is a filter, so yeah, two different things

acunetix.com/blog/web-security-zone/articles/preventing-xss-attacks/

regards
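
The escaping-versus-filtering distinction raised in the last post, as an added example that is not part of the thread and is not code from ESAPI or HTML Purifier. It is a small Python sketch; the allowlist, the function names and the sample input are all constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a"}  # constructed allowlist
DROP_WITH_CONTENT = {"script", "style"}              # element and its text both removed

def escape_html(text):
    """Escaping: every character is kept, but none of it can act as markup."""
    return escape(text, quote=True)

class AllowlistFilter(HTMLParser):
    """Filtering: allowlisted tags survive, everything else is stripped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            href = ""
            for name, value in attrs:  # only <a href> with an http(s) URL is kept
                if tag == "a" and name == "href" and value and \
                        value.lower().startswith(("http://", "https://")):
                    href = ' href="%s"' % escape(value, quote=True)
            self.out.append("<%s%s>" % (tag, href))
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            while self.open_tags:  # close back to the matching tag so output stays balanced
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def filter_html(markup):
    f = AllowlistFilter()
    f.feed(markup)
    f.close()
    f.out.extend("</%s>" % t for t in reversed(f.open_tags))  # close anything left open
    return "".join(f.out)

SAMPLE = ('<p onclick="x()">Hi <b>there</b><script>alert(1)</script> '
          '<a href="javascript:alert(1)">link</a></p>')  # constructed input
```

On the sample, `escape_html` returns the whole string as inert text, while `filter_html` returns `<p>Hi <b>there</b> <a>link</a></p>`: formatting kept, event handler, script and `javascript:` URL gone.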
