msangel
Reputation: 10377
sanitize HTML style tag in java to prevent javascript injection from WYSIWYG
There are known XSS attacks like:
<DIV STYLE="color: red; width: expression(alert('XSS')); background-image: url('expression.png') ">
Or
<DIV STYLE="background-image: url(javascript:alert('XSS')); border-image: url(images/javascript.png) 30 round round;">
Or
<META HTTP-EQUIV=Refresh CONTENT="1; URL=javascript:alert(/xxs/.source)">empty
And i need to sanitize html to this:
<DIV STYLE="color: red; background-image: url('expression.png') ">
Or
<DIV STYLE="border-image: url(images/javascript.png) 30 round round;">
Or
empty
Is there java library, that provide such protections?
Upvotes: 0
Views: 2121
Answers (1)
Erlend
Reputation: 4416
This one for sure: https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
and maybe this one (faster): https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project
Upvotes: 1
Related Questions
- HTML-Entity escaping to prevent XSS
- XSS sanitizing nested html tags input
- How to sanitize HTML code in Java to prevent XSS attacks?
- Add XSS validations/ sanitize script tags in Java
- AntiSamy to prevent XSS in java?
- How to sanitize HTML code to prevent XSS attacks in Java or JSP?
- how to protect from XSS in WYSIWYG
- Safe html in java
- Sanitize CSS Using Java
- Java 5 HTML escaping To Prevent XSS