HTML Sanitizer added to visural-common...
Published Mon, 22 Mar 2010
Cleaning HTML input to protect against cross-site scripting (XSS) attacks is never fun. Some searching for a suitable Java-based sanitizing tool turned up a few candidates - OWASP AntiSamy seems like the most fully featured one, and a good one if you need a less-restrictive policy that is still safe.
I wanted something more lightweight though, and stumbled across this.
Given the licensing, I was able to integrate it into visural-common without problems. The only issue is that it has a dependency on the Jakarta ORO libraries for Perl-like regexes. Fortunately, the Wicket devs have already done the heavy lifting with their version of the UrlValidator class, which has been modified to use Java regexes.
So with 2 simple classes you can HtmlSanitizer.sanitize("<p>your html!</p>");
About the Author
Richard Nichols is an Australian software engineer with a passion for making things.