andresriancho / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

Remove Xerces dependency? #153

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I was wondering how easy it would be to remove the dependency on the Apache Xerces parser?

Perhaps use the parser now supplied in Java itself?

I am looking at the source myself but am not familiar at all with the Xerces API, so I thought I would just post this in case someone has a quick answer.

The reason I am asking this is because Java 7 has apparently changed the classloading scheme, and web apps that don't use AntiSamy are somehow now crossing the classloader boundary and demanding the Xerces parser that is in other web apps (because AntiSamy is in those web apps).

The app server is Tomcat (any version), but I don't think that is the problem. The problem, again, appears to be Java 7 itself. Sorry for the lack of details here.

Thanks.

Original issue reported on code.google.com by dmi...@gmail.com on 6 Feb 2013 at 5:11

GoogleCodeExporter commented 9 years ago
The change is not entirely trivial, since we'd need to switch some APIs around, and the custom serialization uses logic not easily ported. I think it's a good idea though ;)

Original comment by kristian...@gmail.com on 14 Feb 2013 at 5:36