goodcui / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
0 stars 0 forks source link

Provide Programmatic Access to Policy File #39

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Policy object currently parses policy files.

This change will add the ability to serialize (output) policy files and
make changes to the policy programmatically.

Among other things, this will allow:
- JUnit test cases to be created against a policy file
- Automated creation of antisamy.xml derivative files (ex. myspace,
slashdot, etc).
- Programmatic API for policy modification (e.g., to use with a policy
editor GUI)

Original issue reported on code.google.com by li.jaso...@gmail.com on 17 Mar 2009 at 3:59

GoogleCodeExporter commented 9 years ago
I like the idea of a GUI. Right now it's really hard to look through the whole 
xml file, looking for tags, then their attributes, then their regex and to 
detect missing pieces when copying from one policy file to another. This would 
also allow non-developers to modify the rules, which is (usually) nice.

Original comment by vikstr...@gmail.com on 30 Jun 2011 at 3:58

GoogleCodeExporter commented 9 years ago
I don't think there are any roadblocks here:

1. There are getters and setters on all the Policy-related classes.
2. All the classes are public are concrete, and there's no use of factories or 
other implementation hiding tricks.

The auto creation of the example policy files would be nice for the AntiSamy 
developers, but I don't think that'll be an important use case for AntiSamy API 
users.

The creation of a GUI rule manager should be it's own request for enhancement, 
and one that we can probably tackle long term.

Original comment by arshan.d...@gmail.com on 16 Sep 2011 at 6:20