antisamy
Used in:
components
- OverviewOverview
- VersionsVersions
- DependentsDependents
- DependenciesDependencies
<dependency>
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<version>1.7.8</version>
</dependency><project xmlns="https://maven.apache.org/POM/4.0.0" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<packaging>jar</packaging>
<version>1.7.8</version>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<name>OWASP AntiSamy</name>
<description>A library for performing fast, configurable cleansing of HTML coming from untrusted sources.</description>
<url>https://github.com/nahsra/antisamy</url>
<inceptionYear>2010</inceptionYear>
<developers>
<developer>
<id>nahsra</id>
<name>Arshan Dabirsiaghi</name>
<email>arshan.dabirsiaghi@gmail.com</email>
<roles>
<role>Project Creator</role>
<role>Original Project Leader</role>
</roles>
</developer>
<developer>
<id>davewichers</id>
<name>Dave Wichers</name>
<email>dave.wichers@owasp.org</email>
<roles>
<role>Primary Maintainer</role>
</roles>
</developer>
<developer>
<id>spassarop</id>
<name>Sebastian Passaro</name>
<email>sebastian.passaro@owasp.org</email>
<roles>
<role>XSS Technical Expert</role>
<role>Committer</role>
</roles>
</developer>
</developers>
<organization>
<name>OWASP Foundation</name>
<url>https://owasp.org/</url>
</organization>
<licenses>
<license>
<name>BSD 3</name>
<url>https://opensource.org/licenses/BSD-3-Clause</url>
</license>
</licenses>
<scm>
<connection>scm:git:git@github.com:nahsra/antisamy.git</connection>
<url>scm:git:git@github.com:nahsra/antisamy.git</url>
<developerConnection>scm:git:git@github.com:nahsra/antisamy.git</developerConnection>
</scm>
<properties>
<fluido.version>2.1.0</fluido.version>
<gpg.skip>true</gpg.skip><!-- by default skip gpg -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.build.outputTimestamp>2025-05-07T19:56:02Z</project.build.outputTimestamp>
<project.java.target>1.8</project.java.target>
<version.findsecbugs>1.14.0</version.findsecbugs>
<version.slf4j>2.0.17</version.slf4j>
<version.spotbugs.maven>4.9.3.0</version.spotbugs.maven>
<version.spotbugs>4.9.3</version.spotbugs>
</properties>
<profiles>
<profile>
<id>release</id>
<properties>
<gpg.skip>false</gpg.skip>
</properties>
</profile>
</profiles>
<dependencies>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.19.0</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.client5</groupId>
<artifactId>httpclient5</artifactId>
<version>5.4.4</version>
<exclusions>
<!-- exclude this old version as we directly import a newer one -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<!-- exclude this slightly older version as we directly import a newer one -->
<exclusion>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
<version>5.3.4</version>
</dependency>
<dependency>
<groupId>org.apache.xmlgraphics</groupId>
<artifactId>batik-css</artifactId>
<version>1.19</version>
<exclusions>
<!-- exclude this old version as we directly import a newer one -->
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.htmlunit</groupId>
<artifactId>neko-htmlunit</artifactId>
<version>4.11.0</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${version.slf4j}</version>
</dependency>
<!-- While Java 7+ includes Xerces in the JRE, it apparently doesn't provide all the features we use that are in the 3rd party version.
So we import it directly. -->
<dependency>
<!-- NOTE: Upgrading to neko-htmlunit:2.68.0+ introduces a replacement for most of Xerces, which hasn't been maintained in years..
To use the 'new' Xerces I had to replace all import org.apache.xerces.* with: import net.sourceforge.htmlunit.xerces.*. However, we can't yet
drop this Xerces import because AntiSamy still uses org.apache.xml.serialize, which is provided by Xerces as mentioned here: https://github.com/HtmlUnit/htmlunit-neko/issues/17.
Some advice from the Neko maintainer on how to get rid of this dependency is: "The tricky part is the use of org.apache.xml.serialize.HTMLSerializer
and org.apache.xml.serialize.HTMLSerializer. This is Xerces core functionality directly used by your application - nothing that neko ever has
provided. So you have to find your own replacement. Regarding HTMLSerializer there is a hint in the javadoc - This class was deprecated in Xerces
2.6.2. It is recommended that new applications use JAXP's Transformation API for XML (TrAX) for serializing HTML. See the Xerces documentation
for more information." -->
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.12.2</version>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<!-- Note that there is a 2.0.2 version of this, but it is actually much older than 1.4.01. -->
<version>1.4.01</version>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis-ext</artifactId>
<version>1.3.04</version>
</dependency>
<!-- SpotBugs dependencies -->
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<version>${version.spotbugs}</version>
<optional>true</optional>
</dependency>
<!-- Test dependencies -->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.18.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.2</version>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest</artifactId>
<version>3.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>${version.slf4j}</version>
<scope>test</scope>
</dependency>
<!-- without this import you get: SLF4J: Defaulting to no-operation (NOP) logger implementation -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>${version.slf4j}</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.7.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<usedDependencies>
<dependency>commons-io:commons-io</dependency>
<dependency>org.slf4j:jcl-over-slf4j</dependency>
<dependency>org.slf4j:slf4j-simple</dependency>
</usedDependencies>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.11.2</version>
<configuration>
<!-- supports reproducibility of generated Javadocs -->
<notimestamp>true</notimestamp>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>3.1.1</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.4.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.14.0</version>
<configuration>
<source>${project.java.target}</source>
<target>${project.java.target}</target>
<testSource>${project.java.target}</testSource>
<testTarget>${project.java.target}</testTarget>
<compilerArgument>
<!-- Eventual desire is to use -Xlint:all -->
-Xlint:unchecked
</compilerArgument>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.5.0</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.10.0</version>
</dependency>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>animal-sniffer-enforcer-rule</artifactId>
<version>1.24</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>enforce-bytecode-version</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<enforceBytecodeVersion>
<maxJdkVersion>${project.java.target}</maxJdkVersion>
<ignoreOptionals>true</ignoreOptionals>
<ignoredScopes>test</ignoredScopes>
<message>Dependencies shouldn't require Java 9+.</message>
</enforceBytecodeVersion>
<requireMavenVersion>
<version>3.3.9</version>
</requireMavenVersion>
</rules>
<fail>true</fail>
</configuration>
</execution>
<execution>
<id>enforce-jdk-version</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireJavaVersion>
<version>${project.java.target}</version>
<message>AntiSamy source code shouldn't require Java 9+.</message>
</requireJavaVersion>
</rules>
</configuration>
</execution>
<execution>
<id>check-java7API-signatures</id>
<phase>compile</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<checkSignatureRule
implementation="org.codehaus.mojo.animal_sniffer.enforcer.CheckSignatureRule">
<signature>
<groupId>org.codehaus.mojo.signature</groupId>
<!-- Check against Java 7 API -->
<artifactId>java17</artifactId>
<version>1.0</version>
</signature>
</checkSignatureRule>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin> <!-- This plugin is disabled by default. Invoke the release profile (-Prelease) to enable it. -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>3.2.7</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>3.1.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.4.2</version>
<configuration>
<archive>
<manifest>
<mainClass>org.owasp.validator.html.AntiSamy</mainClass>
<packageName>org.owasp.validator.html</packageName>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<classpathPrefix />
</manifest>
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<executions>
<execution>
<id>attach-javadocs</id>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>3.6.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.26.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>3.9.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.3.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.21.0</version>
<dependencies>
<!-- Explicitly declare these dependencies so the versions plugin and library bots will flag available updates. The fluido-skin
plugin is referenced in src/site/site.xml using the same fluido version property. -->
<dependency>
<groupId>org.apache.maven.skins</groupId>
<artifactId>maven-fluido-skin</artifactId>
<version>${fluido.version}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>3.3.1</version>
<executions>
<execution>
<id>attach-sources</id>
<phase>package</phase>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.5.3</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.18.0</version>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<version>2.9.1</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>makeBom</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.13</version>
<executions>
<execution>
<id>prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<phase>test</phase>
<goals>
<goal>report</goal>
</goals>
</execution>
<execution>
<id>jacoco-check</id>
<phase>test</phase>
<goals>
<goal>check</goal>
</goals>
<configuration>
<haltOnFailure>false</haltOnFailure>
<rules>
<rule>
<element>CLASS</element>
<limits>
<limit>
<counter>METHOD</counter>
<value>MISSEDCOUNT</value>
<maximum>0</maximum>
</limit>
</limits>
</rule>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<!-- This is the last version that supports Java 8. 2.31.0+ requires Java 11. -->
<version>2.30.0</version>
<configuration>
<!-- optional: limit format enforcement to just the files changed by this feature branch -->
<ratchetFrom>origin/main</ratchetFrom>
<formats>
<!-- you can define as many formats as you want, each is independent -->
<format>
<!-- define the files to apply to -->
<includes>
<include>*.md</include>
</includes>
<excludes>
<exclude>target/**/*.*</exclude>
</excludes>
<!-- define the steps to apply to those files -->
<trimTrailingWhitespace />
<endWithNewline />
<indent>
<tabs>false</tabs>
<spaces>true</spaces>
<spacesPerTab>4</spacesPerTab>
</indent>
</format>
<format>
<includes>
<include>**/*.xml</include>
</includes>
<excludes>
<exclude>target/**/*.*</exclude>
</excludes>
<eclipseWtp>
<type>XML</type>
<files>
<file>DevStyleXml.prefs</file>
</files>
</eclipseWtp>
</format>
</formats>
<!-- define a language-specific format -->
<java>
<importOrder /> <!-- standard import order -->
<removeUnusedImports /> <!-- self-explanatory -->
<toggleOffOn /> <!-- enable spotless override tags -->
<!-- apply a specific flavor of google-java-format -->
<googleJavaFormat>
<version>1.7</version>
<style>GOOGLE</style>
<groupArtifact>com.google.googlejavaformat:google-java-format</groupArtifact>
</googleJavaFormat>
</java>
</configuration>
<executions>
<execution>
<id>spotless-apply</id>
<phase>compile</phase>
<goals>
<goal>apply</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>${version.spotbugs.maven}</version>
<dependencies>
<!-- Overwrite dependency on SpotBugs if you want to specify the version of SpotBugs. SpotBugs itself is frequently several
versions ahead of the spotbugs-maven-plugin -->
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
<version>${version.spotbugs}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>${version.findsecbugs}</version>
</plugin>
</plugins>
</build>
<reporting>
<!-- All plugins used here should first be declared in the <plugins> section above with their versions, so the versions get reported
in the plugins Updates report. -->
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<configuration>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>${version.findsecbugs}</version>
</plugin>
</plugins>
<effort>Max</effort>
<relaxed>false</relaxed>
<excludeFilterFile>src/test/spotbugsFilterFile.xml</excludeFilterFile>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<configuration>
<targetJdk>${project.java.target}</targetJdk>
<sourceEncoding>utf-8</sourceEncoding>
<!-- excludeFromFailureFile>exclude-pmd.properties</excludeFromFailureFile -->
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<reportSets>
<reportSet>
<reports>
<report>index</report>
<report>dependency-convergence</report>
</reports>
</reportSet>
</reportSets>
<configuration>
<dependencyLocationsEnabled>false</dependencyLocationsEnabled>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<reportSets>
<reportSet>
<reports>
<report>dependency-updates-report</report>
<report>plugin-updates-report</report>
<report>property-updates-report</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<!-- This causes the Jacoco report generated during test to be added to the Project Reports section of the 'site' report. -->
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<reportSets>
<reportSet>
<reports>
<report>report</report>
</reports>
</reportSet>
</reportSets>
</plugin>
</plugins>
</reporting>
</project>
Open source consumption has exploded, with estimates placing this year’s downloads at over 6.6 trillion. This reliance on open source components, now making up to 90% of the modern software application, has ushered in both unprecedented innovation and complex challenges for software supply chains.
View the Report