HTML Sanitizer added to visural-common…

Cleaning HTML input to protect against cross-site scripting (XSS) attacks is never fun. Some searching for a suitable Java-based sanitizing tool turned up a few candidates – OWASP AntiSamy seems to be the most fully featured one, and a good choice if you need a less restrictive policy that is still safe.

I wanted something more light-weight though, and stumbled across this.

Given the licensing I was able to integrate it into visural-common without problems. The only issue is that it depends on the Jakarta ORO libraries for Perl-like regexes. Fortunately the Wicket devs have already done the heavy lifting with their version of the UrlValidator class, which has been modified to use Java regexes.

So with two simple classes you can call HtmlSanitizer.sanitize("<p>your html!</p>");
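To show what an allowlist sanitizer of this kind actually does to untrusted markup, here is an added, self-contained illustration. It is not visural-common's HtmlSanitizer nor the code it wraps; the class name AllowlistHtmlSanitizer, the tag and attribute lists, and the sample input are all assumptions made for the example. It keeps only known-safe tags and attributes, drops everything else (including event handlers and unknown elements), and rejects href values whose scheme is not http, https or mailto.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Hypothetical allowlist HTML sanitizer (illustration only, not visural-common's
 * HtmlSanitizer). Anything not explicitly allowed is dropped; text is re-escaped
 * on output so entity tricks like &#106;avascript: never survive as a scheme.
 * Requires Java 9+ for Set.of / Map.of.
 */
public final class AllowlistHtmlSanitizer {

    // Assumed policy: a small set of formatting tags, and only href/title on <a>.
    private static final Set<String> ALLOWED_TAGS =
            Set.of("p", "b", "i", "em", "strong", "a", "br");
    private static final Map<String, Set<String>> ALLOWED_ATTRS =
            Map.of("a", Set.of("href", "title"));

    // Opening or closing tag: group 1 = "/" if closing, 2 = name, 3 = raw attributes.
    private static final Pattern TAG =
            Pattern.compile("<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>");
    // name="value", name='value' or name=value.
    private static final Pattern ATTR = Pattern.compile(
            "([a-zA-Z][a-zA-Z0-9-]*)\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s\"'>]+))");

    public static String sanitize(String html) {
        StringBuilder out = new StringBuilder();
        Matcher m = TAG.matcher(html);
        int last = 0;
        while (m.find()) {
            // Everything between tags is plain text: escape it, never trust it.
            out.append(escapeText(html.substring(last, m.start())));
            last = m.end();

            boolean closing = !m.group(1).isEmpty();
            String tag = m.group(2).toLowerCase(Locale.ROOT);
            if (!ALLOWED_TAGS.contains(tag)) {
                // Unknown tag (<script>, <img>, <iframe>, ...) is dropped. Its text
                // content, if any, is still emitted as inert escaped text.
                continue;
            }
            if (closing) {
                out.append("</").append(tag).append('>');
                continue;
            }
            out.append('<').append(tag);
            Set<String> allowed = ALLOWED_ATTRS.getOrDefault(tag, Set.of());
            Matcher a = ATTR.matcher(m.group(3));
            while (a.find()) {
                String name = a.group(1).toLowerCase(Locale.ROOT);
                if (!allowed.contains(name)) {
                    continue; // drops onclick, onerror, style, srcdoc, ...
                }
                String value = a.group(2) != null ? a.group(2)
                             : a.group(3) != null ? a.group(3) : a.group(4);
                if (name.equals("href") && !safeUrl(value)) {
                    continue; // javascript:, data:, vbscript: and friends are rejected
                }
                out.append(' ').append(name).append("=\"")
                   .append(escapeAttr(value)).append('"');
            }
            out.append('>');
        }
        out.append(escapeText(html.substring(last)));
        return out.toString();
    }

    /** Allow relative URLs and an explicit list of schemes; everything else is unsafe. */
    private static boolean safeUrl(String url) {
        // Browsers ignore control characters and whitespace inside a scheme ("java\tscript:").
        String u = url.toLowerCase(Locale.ROOT).replaceAll("[\\x00-\\x20]", "");
        int colon = u.indexOf(':');
        if (colon < 0) {
            return true; // no scheme at all: relative URL
        }
        // A ':' that comes after '/', '?' or '#' belongs to the path/query, not a scheme.
        int delim = indexOfAny(u, "/?#");
        if (delim >= 0 && delim < colon) {
            return true;
        }
        String scheme = u.substring(0, colon);
        return scheme.equals("http") || scheme.equals("https") || scheme.equals("mailto");
    }

    private static int indexOfAny(String s, String chars) {
        for (int i = 0; i < s.length(); i++) {
            if (chars.indexOf(s.charAt(i)) >= 0) return i;
        }
        return -1;
    }

    private static String escapeText(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    private static String escapeAttr(String s) {
        return escapeText(s).replace("\"", "&quot;");
    }

    public static void main(String[] args) {
        // Constructed sample input mixing harmless formatting with typical XSS payloads.
        String input = "<p onclick=\"steal()\">Hi <b>there</b> <script>alert(1)</script>"
                     + " <a href=\"javascript:alert(1)\" title=\"x\">bad</a>"
                     + " <a href=\"https://example.com/?q=1\">ok</a></p>";
        System.out.println(sanitize(input));
    }
}
```

Running main should leave the paragraph, the bold text and the https link intact while the onclick handler, the script element, and the javascript: href disappear; the script body is printed as plain text rather than executed. This toy does not balance tags or handle attribute values containing ">", which is the kind of robustness a real library such as the sanitizer described above provides.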


This entry was posted in Java, Software Engineering and tagged Java, open-source, security, visural-common, web, wicket, xss.
