The OWASP AntiSamy Project version 1.2 is now available at its home in Google Code. The highlights of the upgrade from 1.1.1:

  • Internationalization of error messages. Japanese and German almost made the release, but for starters we’ve got the following:
    • English
    • Russian (Sergei Droganov)
    • Italian (Jerry Hoff)
    • Portuguese (Michael Coates)
    • Chinese (Weilin Zhong)
  • A number of bug fixes
  • A number of security issues fixed (reported and self-discovered – some diffs can lead you to the unreported ones =])
  • Added a Policy.getInstance() method that takes an InputStream
  • Added a constructor for the main AntiSamy class that takes a Policy object for repeated use
  • Added a new policy directive to prevent output formatting
  • Added a test suite for regression testing
  • Cleared up the “standalone” issue; the antisamy-bin-1.2.jar no longer contains any supporting libraries to avoid classpath hell
  • We have an antisamy-requried-libs-1.2.zip that contains all the required libraries for your convenience

We’re always looking for features, bugs and improvement ideas – so share your thoughts on the mailing list or on the issues page! Special thanks on this release to Sergei Droganov who is going to provide some official ColdFusion support for AntiSamy in the future, and also to J. Irving who did some valuable testing and is going to become a regular contributer.

Til next version!