You may be thinking, “what the hell happened to 1.4?” A few things. First, I had a baby. That was really hard.
Then, we were trying to manage all the logistics of moving to a new project structure during our 1.4 release cycle and during that time we added some really important stuff. So, AntiSamy 1.4.1 is out today! New features from 1.4 and 1.4.1:
- Full Maven support. We’re hosted in the Sonatype OSS repository! Here’s an example dependency to put into your pom for including AntiSamy in your project.
- Added an experimental SAX version of AntiSamy. This is so huge. It’s an optional alternative method of cleaning the user’s input. It’s way faster (50%) and consumes far less memory. It’s still considered experimental even though all our test cases pass against it because it’s not time or community tested yet. Anybody looking to test can browse over to the test page to provide feedback. It’s practically no different to invoke: instead of
AntiSamy.scan(String,*,AntiSamy.SAX). Default is still to use DOM-based scanning, our old tried-and-true method. One day, hopefully we’ll default to SAX.
- Proper support for name/value attributes in <param> tags (see the validateParamAsEmbed directive and Erik’s explanation of the problem it solves)
- noFollowAnchors directive, which programmatically adds rel='nofollow' to all links parsed by AntiSamy
- Added safe support for comments (we’re trying to allow normal comments and prevent IE’s conditional comments)
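For anyone who wants to test the experimental SAX scanner, here is a small parity check that runs the same inputs through both scan types and reports any difference. It is an added example, not code from the AntiSamy project. The class name, the sample inputs and the policy path passed as the first argument are assumptions.

```java
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

public class ScannerParityCheck {
    // Constructed sample inputs, chosen to touch the features listed above.
    static final String[] SAMPLES = {
        "<p>hello <script>alert(1)</script>world</p>",
        "<a href=\"http://example.com/\">link</a>",
        "<!-- normal comment --><b>text</b>",
        "<!--[if IE]><b>conditional</b><![endif]-->after"
    };

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the path to your AntiSamy policy XML file.
        Policy policy = Policy.getInstance(args[0]);
        AntiSamy as = new AntiSamy();
        int mismatches = 0;

        for (String input : SAMPLES) {
            // Same call, differing only in the scan-type argument.
            CleanResults dom = as.scan(input, policy, AntiSamy.DOM);
            CleanResults sax = as.scan(input, policy, AntiSamy.SAX);

            String domHtml = dom.getCleanHTML();
            String saxHtml = sax.getCleanHTML();
            if (!domHtml.equals(saxHtml)) {
                mismatches++;
                System.out.println("DIFF for input: " + input);
                System.out.println("  DOM: " + domHtml);
                System.out.println("  SAX: " + saxHtml);
            }
            // Compare how many problems each scanner reported for this input.
            if (dom.getNumberOfErrors() != sax.getNumberOfErrors()) {
                System.out.println("Error count differs for: " + input
                    + " (DOM=" + dom.getNumberOfErrors()
                    + ", SAX=" + sax.getNumberOfErrors() + ")");
            }
        }
        System.out.println(mismatches + " of " + SAMPLES.length + " outputs differ");
        System.exit(mismatches == 0 ? 0 : 1);
    }
}
```

A reported difference is something to review and send as feedback, not proof of a problem by itself. Replace the samples with markup your own application actually accepts.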
There were also a number of bug fixes, code improvements and cleanups. This release was not possible without hard work by the following folks:
- Jonathan Irving, who is a good engineer, project manager, and is way helpful and patient with my well-established personality shortcomings.
- Erik Innocent, a real-life AntiSamy pioneer who is making sure its real-world capability stays in line with its promise.
- Fernando Padilla, our resident Maven guru (and good guy).
- Finally, Lars Trieloff, who submitted a SAX patch that became the template for our SAX scanning option (congrats on the newborn, too!).
If you’re looking for work for your summer intern, we could really use better documentation for AntiSamy, inside and outside of the code. Thanks to everyone involved for making this release our best ever. AntiSamy is now faster, more easily integrated into a project, and hopefully still as safe as ever.
See you after the World Cup!