owaspantisamy - The OWASP AntiSamy project is an API for safely allowing users to supply their own HTML and CSS without exposure to XSS vulnerabilities.

Project Information

Project feeds
Code license
New BSD License
Labels
webappsec, owasp, j2ee, api, xss, cross-sitescripting, csrf, aspectsecurity, i8jesus.com, i8jesus, appsec, appsec, java, library

Members

arshan.d...@gmail.com

4 committers
5 contributors

Featured

Downloads

Arshan Dabirsiaghi - Towards Malicious Code Detection and Removal.PDF
OWASP Fall 2007 San Jose - Anti Samy.pptx
Show all »

Wiki pages

Contributors
Show all »

Links

Blogs
Author Homepage
Project Homepage
External links
OWASP

Welcome to the distribution repository for the OWASP AntiSamy project. AntiSamy is a collection of APIs for safely allowing users to supply their own HTML and CSS without exposing the site to XSS vulnerabilities.

The methodology of AntiSamy is unique in that it is built on a positive security model in both the format of the HTML document and the content within the document. It's also unique in that it attempts to help the user tune their input to pass validation in a cooperative spirit, rather than treating users as potential attackers which is how all contemporary security mechanisms work.