esapi-java-legacy
Replace AntiSamy with HTML Sanitizer in HTMLValidationRule
As a developer, I want to use HTML Sanitizer to validate HTML content
A few things... I'm fine with making the OWASP Java HTML Sanitizer the default sanitizer, but we still have to leave the AntiSamy sanitizer in place as an alternate configuration, at least for a while. (We could consider deprecating it, but that's something that should be discussed on the ESAPI Dev and User Google groups.) For class libraries, maintaining backward compatibility is extremely important, and we have to remember that there may be users who are using ESAPI's current AntiSamy sanitization but using it with a customized "antisamy-esapi.xml" file.
If you want this done though, I'd prefer that you accept a PR. Most of the work has already been done in the 'kww-java-html-sanitizer' branch... it's just that that branch is 655 commits behind the 'develop' branch, so it needs to be brought up to date.
@jackycct - I don't have time to do this, but if you are still interested, you might want to take a look at our GitHub branch 'kww-java-html-sanitizer'. It is quite old and 800+ commits behind the current 'develop' branch, but IIRC, most of it was there and was working. If you want to bring it up to date and make a PR, we can consider merging it in as long as it doesn't require any additional dependencies. (I started working on it at a time when it looked like AntiSamy was no longer going to be supported, but that has since then.) And I don't think we are likely to make the Java HTML Sanitizer a replacement for AntiSamy, but rather an alternative. Let me know if you are interested in doing this as a PR (or know someone else who is willing), otherwise I am going to be closing this soon.
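The sketch below is an added example, not ESAPI code and not the contents of the 'kww-java-html-sanitizer' branch. It shows the shape the thread is asking for: an HTML sanitizing step that uses the OWASP Java HTML Sanitizer by default but can be switched to AntiSamy, driven by a policy file such as a customized "antisamy-esapi.xml", so existing AntiSamy users keep working. The class name `HtmlSanitizerDemo`, the `Backend` enum, the allow-list policy and the sample input are assumptions; both libraries (`org.owasp.html` and `org.owasp.validator.html`) are assumed to be on the classpath.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/**
 * Hypothetical sketch (not ESAPI's HTMLValidationRule): one sanitize() entry
 * point with a selectable backend, so the Java HTML Sanitizer can be the
 * default while AntiSamy remains available for callers with a custom policy.
 */
public final class HtmlSanitizerDemo {

    /** Which sanitizer to use; hypothetical switch, e.g. read from a property. */
    public enum Backend { JAVA_HTML_SANITIZER, ANTISAMY }

    // Allow-list policy built with the OWASP Java HTML Sanitizer: inline
    // formatting and block elements, plus links restricted to http/https/mailto
    // with rel="nofollow" forced on. Everything else (script, event handler
    // attributes, javascript: URLs) is dropped rather than escaped.
    private static final PolicyFactory HTML_SANITIZER_POLICY =
        Sanitizers.FORMATTING
            .and(Sanitizers.BLOCKS)
            .and(new HtmlPolicyBuilder()
                    .allowElements("a")
                    .allowUrlProtocols("http", "https", "mailto")
                    .allowAttributes("href").onElements("a")
                    .requireRelNofollowOnLinks()
                    .toFactory());

    /**
     * Returns sanitized HTML. For the ANTISAMY backend, antiSamyPolicyPath is
     * the path to an AntiSamy policy XML (for example a site's own
     * antisamy-esapi.xml); it is ignored for the default backend.
     */
    public static String sanitize(String input, Backend backend, String antiSamyPolicyPath)
            throws PolicyException, ScanException {
        if (input == null) {
            return "";
        }
        switch (backend) {
            case ANTISAMY:
                // Alternate configuration: AntiSamy with the caller's policy file.
                Policy policy = Policy.getInstance(antiSamyPolicyPath);
                CleanResults results = new AntiSamy().scan(input, policy);
                return results.getCleanHTML();
            case JAVA_HTML_SANITIZER:
            default:
                // Default configuration: OWASP Java HTML Sanitizer allow-list policy.
                return HTML_SANITIZER_POLICY.sanitize(input);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: inline event handler, script element,
        // a javascript: link and a legitimate https link.
        String untrusted = "<p onmouseover=\"alert(1)\">Hello <b>world</b>"
            + "<script>alert(document.cookie)</script>"
            + "<a href=\"javascript:alert(1)\">bad</a> "
            + "<a href=\"https://example.com/\">ok</a></p>";

        System.out.println(sanitize(untrusted, Backend.JAVA_HTML_SANITIZER, null));

        // To exercise the alternate backend, pass a real policy path, e.g.:
        // sanitize(untrusted, Backend.ANTISAMY, "/path/to/antisamy-esapi.xml");
    }
}
```

With the default backend, the script element, the onmouseover attribute and the javascript: href are removed, the https link is kept with rel="nofollow" added, and the text and formatting survive. The point of routing both backends through one method is the backward-compatibility concern raised above: callers who already ship a customized antisamy-esapi.xml keep their behaviour by selecting the AntiSamy backend, while new deployments get the Java HTML Sanitizer without any policy file.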