Best way to contribute code?


Trent Miller

Feb 4, 2019, 3:28:43 PM
to OWASP Java HTML Sanitizer Support
Hello, I recently wrote a custom HtmlStreamEventReceiver for exposing punycode that may be used in a homograph attack (https://en.wikipedia.org/wiki/IDN_homograph_attack), and I thought it may be of value to others, but I was unsure what the best way to contribute would be. Would you like me to just make a fork and PR, or is there typically some discussion beforehand about what and how to contribute?

A few questions I had prior to a PR are whether the punycode sanitizer would be preferred as a code example, or HtmlPolicyBuilder. I was also wondering what the appropriate Copyright would be if it was an example. Should they be copyrighted 2019, Mike Samuel?

Thank you!

Mike Samuel

Feb 4, 2019, 3:37:54 PM
to OWASP Java HTML Sanitizer Support
On Mon, Feb 4, 2019 at 3:28 PM Trent Miller <tre...@gmail.com> wrote:
> Hello, I recently wrote a custom HtmlStreamEventReceiver for exposing punycode that may be used in a homograph attack (https://en.wikipedia.org/wiki/IDN_homograph_attack), and I thought it may be of value to others, but I was unsure what the best way to contribute would be. Would you like me to just make a fork and PR, or is there typically some discussion beforehand about what and how to contribute?

Cool!

I'm happy to take a look before you put together a PR.
Might this make sense as part of https://github.com/OWASP/url-classifier ?  Should AuthorityClassifierBuilder produce classifiers that reject domain names that fail the homograph check by default?


 
> A few questions I had prior to a PR are whether the punycode sanitizer would be preferred as a code example, or HtmlPolicyBuilder. I was also wondering what the appropriate Copyright would be if it was an example. Should they be copyrighted 2019, Mike Samuel?

The copyright should be assigned to you or the organization that is contributing the code.


 
> Thank you!
