0

There are known XSS attacks like:

<DIV STYLE="color: red; width: expression(alert('XSS')); background-image: url('expression.png') ">

Or

<DIV STYLE="background-image: url(javascript:alert('XSS'));  border-image: url(images/javascript.png) 30 round round;">

Or

<META HTTP-EQUIV=Refresh CONTENT="1; URL=javascript:alert(/xxs/.source)">empty

And I need to sanitize the HTML to this:

<DIV STYLE="color: red; background-image: url('expression.png') ">

Or

<DIV STYLE="border-image: url(images/javascript.png) 30 round round;">

Or

empty

Is there a Java library that provides such protections?

msangel

1 Answer

1

This one for sure: https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project

and maybe this one (faster): https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project

Erlend
  • I tried AntiSamy and it almost works; however, I get one very strange behavior of the library. I have created a question, but there is no answer yet: http://stackoverflow.com/questions/19343035 I think you might know the answer, so I am asking you directly =D – msangel Oct 21 '13 at 07:22
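
The question's three inputs run through an allow-list policy built with the OWASP Java HTML Sanitizer named in the answer. This is an added example, not code from the question or the answer; it assumes the library's jar is on the classpath, and the class name `SanitizeStyleExample` is hypothetical.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class SanitizeStyleExample {
    // Allow-list policy: only <div> is permitted, and a style attribute
    // survives only as far as its CSS passes the library's CSS schema.
    // Elements that are not listed (such as <meta>) are dropped entirely.
    static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("div")
            .allowStyling()
            .toFactory();

    static String sanitize(String untrusted) {
        return POLICY.sanitize(untrusted);
    }

    // The check looks for the active constructs, "expression(" and
    // "javascript:", not for the bare words: the harmless file names
    // expression.png and javascript.png contain those words too, which is
    // exactly what trips up a substring blacklist.
    static boolean hasActiveContent(String html) {
        String lower = html.toLowerCase();
        return lower.contains("expression(")
                || lower.contains("javascript:")
                || lower.contains("<meta");
    }

    public static void main(String[] args) {
        // Inputs copied from the question above.
        String[] inputs = {
            "<DIV STYLE=\"color: red; width: expression(alert('XSS')); "
                + "background-image: url('expression.png') \">",
            "<DIV STYLE=\"background-image: url(javascript:alert('XSS'));  "
                + "border-image: url(images/javascript.png) 30 round round;\">",
            "<META HTTP-EQUIV=Refresh "
                + "CONTENT=\"1; URL=javascript:alert(/xxs/.source)\">empty"
        };
        for (String input : inputs) {
            String output = sanitize(input);
            if (hasActiveContent(output)) {
                throw new IllegalStateException("unsafe output: " + output);
            }
            System.out.println(output);
        }
    }
}
```

Because the sanitizer works from an allow-list, its output can be stricter than the results the question asks for: depending on the library version and CSS schema, harmless `url(...)` values or whole properties may be dropped along with the dangerous ones.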