Comments on Jeremiah Grossman: Introducing AntiSamy
Feed updated: 2024-02-08T03:44:23.780-08:00

Anonymous (2010-08-21T05:29:03.412-07:00):
What about cross site scripting filtering for user HTML/CSS in classic ASP? AntiSamy .NET and Java cannot be implemented there :(

Jim Manico (2007-11-29T17:49:00.000-08:00):
kuza55, htmlpurifier? php security? *cough, cough*

Um, the greatest feature of AntiSamy is that it's for Java. PHP and security do not belong in the same sentence unless you are discussing just how in_secure PHP is at its core.

kuza55 (2007-11-29T17:44:00.000-08:00):
"The difference is there hasn’t been an alternative to rolling your own so far."

Actually, HTML Purifier (http://htmlpurifier.org/) has been in existence for a while now, and I don't know of anything that has managed to bypass it yet. But it's for PHP, rather than Java.

Jim Manico (2007-11-28T20:43:00.000-08:00):
You definitely got my interest, Arshan. Good job. I'm going to be keeping an eye on this for use at some of my SUN/CodeMagi projects once it reaches maturity. I also believe this has the potential to reach widespread use.

Most XSS guidelines I have read completely ignore the fact that many modern sites need to accept and *render* markup code provided by a user, safely. This is the first large OSS project to address this critical need. Schweet!

Arshan Dabirsiaghi (2007-11-28T18:59:00.000-08:00):
Alex: though some people may find that useful, this is nothing like that. Go check out the project - I need some smart PHP to help out!

Anonymous (2007-11-28T17:49:00.000-08:00):
Sounds like something similar to PHPIDS (www.phpids.org). PHPIDS does not work like a filter, but it can inform the application about the performed attack. If PHPIDS starts claiming about something at - let's say - a specified level, you can drop the whole data/string/request/...

Anonymous (2007-11-28T11:26:00.000-08:00):
Maybe, but it's weird - I always thought of myself as the nemesis for different reasons. There should be a challenge on your site, who can summarize the infosec culture the best in 1 sentence. I want to have a while to think before I put in my entry. ;p

Jeremiah Grossman (2007-11-28T10:33:00.000-08:00):
That kind of summarized the infosec culture, doesn't it? :)

Anonymous (2007-11-28T10:30:00.000-08:00):
Watch out for a new line of "Samy is my hero" / "Arshan is my nemesis" t-shirts