Reputation: 27996
I'm writing a Java webapp and I'd like to let my users enter text containing markup that is XSS / Cross-Site-Scripting safe. I'd like to save the user-generated markup to a database and display it as HTML.
I am aware of markdown but this allows raw HTML to be entered which is not XSS safe.
Are there any wiki-like / markdown-like interpreters in Java that are XSS safe? I'd also like to hear of any JavaScript / WYSIWYG editors that might help here.
Alternatively, are there any XSS filters in Java that can sanitize HTML so that it is XSS safe?
Upvotes: 2
Views: 850
Reputation: 6083
Take a look at JSoup, which allows you to specify a Whitelist: http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer
Upvotes: 2
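An added example (not from the answer above or from the jsoup project) of the allow-list approach the answer points at: a user-supplied fragment is cleaned against jsoup's `basic()` policy before it is stored, and `isValid` lets the app reject input instead of silently stripping it. It assumes jsoup 1.15 or later, where the class is named `Safelist` (older versions call it `Whitelist` with the same methods); the sample input, the base URI and the class name `MarkupSanitizer` are constructed for the example.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Safelist;

public class MarkupSanitizer {

    // Hypothetical policy: jsoup's "basic" set (b, i, em, strong, a, p, ul, ol,
    // li, code, blockquote, ...) plus two heading tags. basic() already limits
    // <a href> to ftp/http/https/mailto and forces rel="nofollow", so
    // javascript: and data: URLs never survive. preserveRelativeLinks keeps a
    // relative href as written instead of rewriting it to an absolute URL.
    private static final Safelist SAFELIST = Safelist.basic()
            .addTags("h2", "h3")
            .preserveRelativeLinks(true);

    // Assumed site origin. A base URI is needed so that a relative href can be
    // resolved and pass the protocol check; with no base URI it would be removed.
    private static final String BASE_URI = "https://example.com/";

    /** Cleans a user-supplied HTML fragment; the result is safe to store and render. */
    public static String sanitize(String userHtml) {
        return Jsoup.clean(userHtml, BASE_URI, SAFELIST,
                new Document.OutputSettings().prettyPrint(false));
    }

    /** True when the input already conforms to the policy (cleaning would change nothing).
     *  Note: isValid resolves against an empty base URI, so a relative href counts as invalid. */
    public static boolean conforms(String userHtml) {
        return Jsoup.isValid(userHtml, SAFELIST);
    }

    public static void main(String[] args) {
        // Constructed input mixing legitimate markup with typical XSS payloads.
        String input = "<h2>Hi</h2><p>Hello <b>world</b>"
                + " <a href=\"http://example.org\" onclick=\"steal()\">ok link</a>"
                + " <a href=\"javascript:alert(1)\">bad link</a>"
                + " <a href=\"/profile\">relative link</a>"
                + " <img src=\"x\" onerror=\"alert(1)\">"
                + " <script>alert(document.cookie)</script></p>";

        System.out.println("conforms: " + conforms(input)); // false: cleaning would strip content
        System.out.println(sanitize(input));
        // Expected shape of the output: <script> and its body are dropped entirely,
        // <img> is dropped (not in the policy), onclick is removed from the first link,
        // the javascript: href is removed from the second link (its text stays),
        // the relative href is kept, and every remaining <a> carries rel="nofollow".
    }
}
```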