
HTML Sanitizer added to visural-common...

Published Mon, 22 Mar 2010

Cleaning HTML input to protect against cross site scripting (XSS) attacks is never fun. Searching for a suitable Java-based sanitizing tool turned up a few candidates - the OWASP AntiSamy seems like the most fully featured one, and a good one if you need a less-restrictive policy that is still safe.

I wanted something more light-weight though, and stumbled across this.

Given the licensing I was able to integrate it into visural-common without problems. The only issue is that it has a dependency on the Jakarta ORO libraries for Perl-like regexes. Fortunately the Wicket devs have already done the heavy lifting with their version of the UrlValidator class, which has been modified to use Java regexes.

So with two simple classes you can call HtmlSanitizer.sanitize("<p>your html!</p>");

About the Author

Richard Nichols is an Australian software engineer with a passion for making things.
