programmer
Reputation: 165
How to sanitize URL-escaped String in Java?
I am using org.owasp.html.PolicyFactory class to build my policy. It sanitizes text like
<script>alert(...);</script>
but does nothing with text like
%3cscript%3ealert(...)%3c/script%3e
One solution is to decode text first:
URLDecoder.decode(oldValue, StandardCharsets.UTF_8)
but I don't know is it the right way to do it, what bugs can appear, in what cases the exceptions will be thrown, etc. Does OWASP library supports such feature?
Upvotes: 1
Views: 1224
Answers (0)
Related Questions
- How do I efficiently iterate over each entry in a Java Map?
- How do I avoid checking for nulls in Java?
- How to get an enum value from a string value in Java
- How do I read / convert an InputStream into a String in Java?
- Is Java "pass-by-reference" or "pass-by-value"?
- How can I create a memory leak in Java?
- How do I generate random integers within a specific range in Java?
- What are the differences between a HashMap and a Hashtable in Java?
- How do I convert a String to an int in Java?
- Why is char[] preferred over String for passwords?