[SMX4-1540] Create OSGi bundle for antisamy 1.5.3
git-svn-id: https://svn.apache.org/repos/asf/servicemix/smx4/bundles/trunk/antisamy-1.5.3@1519141 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..e16a6bc
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.servicemix.bundles</groupId>
+ <artifactId>bundles-pom</artifactId>
+ <version>10</version>
+ <relativePath>../bundles-pom/pom.xml</relativePath>
+ </parent>
+
+ <groupId>org.apache.servicemix.bundles</groupId>
+ <artifactId>org.apache.servicemix.bundles.antisamy</artifactId>
+ <version>1.5.3_1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+ <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name>
+ <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description>
+
+ <properties>
+ <pkgGroupId>org.owasp.antisamy</pkgGroupId>
+ <pkgArtifactId>antisamy</pkgArtifactId>
+ <pkgVersion>1.5.3</pkgVersion>
+ <servicemix.osgi.export.pkg>
+ org.owasp.validator
+ </servicemix.osgi.export.pkg>
+ <servicemix.osgi.import.pkg>
+ javax.xml*,
+ org.apache.batik.css.parser;resolution:=optional,
+ org.apache.commons.httpclient*;resolution:=optional,
+ org.apache.xerces*,
+ org.apache.xml.serialize,
+ org.cyberneko.html*;resolution:=optional,
+ org.w3c.css.sac;resolution:=optional,
+ org.w3c.dom,
+ org.xml.sax
+ </servicemix.osgi.import.pkg>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>${pkgGroupId}</groupId>
+ <artifactId>${pkgArtifactId}</artifactId>
+ <version>${pkgVersion}</version>
+ </dependency>
+
+ <!-- sources -->
+ <dependency>
+ <groupId>${pkgGroupId}</groupId>
+ <artifactId>${pkgArtifactId}</artifactId>
+ <version>${pkgVersion}</version>
+ <classifier>sources</classifier>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>shade</goal>
+ </goals>
+ <configuration>
+ <artifactSet>
+ <includes>
+ <include>${pkgGroupId}:${pkgArtifactId}</include>
+ </includes>
+ </artifactSet>
+ <filters>
+ <filter>
+ <artifact>${pkgGroupId}:${pkgArtifactId}</artifact>
+ <includes>
+ <include>*.xsd</include>
+ <include>*.properties</include>
+ </includes>
+ </filter>
+ </filters>
+ <promoteTransitiveDependencies>true</promoteTransitiveDependencies>
+ <createDependencyReducedPom>true</createDependencyReducedPom>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
\ No newline at end of file
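Review bot: in servicemix.osgi.import.pkg the entries org.cyberneko.html*, org.apache.batik.css.parser and org.w3c.css.sac are all marked resolution:=optional, so the bundle resolves in a container with no HTML or CSS parser installed. The gap then surfaces only as a class-loading failure when a scan first touches those packages. For a library whose purpose is validating user-supplied HTML/CSS, a failure at resolve time is much easier to notice than one at request time. If the wrapped jar needs these packages on its normal scan path, drop the optional directive on them, or state in the bundle documentation which companion bundles must be installed. Keeping org.apache.commons.httpclient* optional is reasonable if callers can run without it. Separately, pom.xml ends without a trailing newline.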
diff --git a/src/main/resources/OSGI-INF/bundle.info b/src/main/resources/OSGI-INF/bundle.info
new file mode 100644
index 0000000..c98a7c0
--- /dev/null
+++ b/src/main/resources/OSGI-INF/bundle.info
@@ -0,0 +1,30 @@
+\u001B[1mSYNOPSIS\u001B[0m
+ ${project.description}
+
+ Original Maven URL:
+ \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m
+
+\u001B[1mDESCRIPTION\u001B[0m
+ The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in
+ compliance within an application's rules. Another way of saying that could be: It's an API that helps you make
+ sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc.,
+ that get persisted on the server. The term "malicious code" in regards to web applications usually mean
+ "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine. However,
+ there are many situations where "normal" HTML and CSS can be used in a malicious manner. So we take care of that
+ too.
+
+ Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally, the security mechanism
+ and user have a communication that is virtually one way, for good reason. Letting the potential attacker know
+ details about the validation is considered unwise as it allows the attacker to "learn" and "recon" the mechanism
+ for weaknesses. These types of information leaks can also hurt in ways you don't expect. A login mechanism that
+ tells the user, "Username invalid" leaks the fact that a user by that name does not exist. A user could use a
+ dictionary or phone book or both to remotely come up with a list of valid usernames. Using this information, an
+ attacker could launch a brute force attack or massive account lock denial-of-service. We get that.
+
+ Unfortunately, that's just not very usable in this situation. Typical Internet users are largely pretty bad when it
+ comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it from somewhere out on the web.
+ Simply rejecting their input without any clue as to why is jolting and annoying. Annoyed users go somewhere else to
+ do their social networking.
+
+\u001B[1mSEE ALSO\u001B[0m
+ \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m
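Review bot: the DESCRIPTION text stops before it makes its point. The third paragraph says that rejecting input without explanation is "just not very usable in this situation", but nothing follows to say what AntiSamy does instead, so the second and third paragraphs read as an unfinished argument. Either add the concluding sentence or trim the section to its first paragraph, which is the part that describes what the wrapped library does. Two wording fixes in that first paragraph: "usually mean" should be "usually means", and "malicious cargo code" looks like it carries a stray word.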