0

There are known XSS attacks like:

<DIV STYLE="color: red; width: expression(alert('XSS')); background-image: url('expression.png') ">

Or

<DIV STYLE="background-image: url(javascript:alert('XSS'));  border-image: url(images/javascript.png) 30 round round;">

Or

<META HTTP-EQUIV=Refresh CONTENT="1; URL=javascript:alert(/xxs/.source)">empty

And i need to sanitize html to this:

<DIV STYLE="color: red; background-image: url('expression.png') ">

Or

<DIV STYLE="border-image: url(images/javascript.png) 30 round round;">

Or

empty

Is there java library, that provide such protections?

Improve this question

1 Answer 1

Reset to default
1

This one for sure: https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project

and maybe this one (faster): https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I tried AntiSamy and it is almost work, however i get one very strange behavior of the library. I have created question, but there is no answer yet: stackoverflow.com/questions/19343035 I thnk you can know answer, so asking you directy =D

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.