Re: Safe way to display HTML user input

2017-02-09 Thread daniel simko
Thank you Martin! This is exactly what I was looking for.

2017-02-09 13:03 GMT+01:00 Martin Grigorov <mgrigo...@apache.org>:

> Hi,
>
> Check https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Thu, Feb 9, 2017 at 12:50 PM, daniel simko <dan.si...@gmail.com> wrote:
>
> > Hello,
> >
> > I would like to ask you whether there is some safe way to display HTML
> > output from some rich editor (e.g. TinyMCE)? In order to display HTML it is
> > necessary to switch off model escaping [1] which is opening a door for XSS.
> > I was thinking about some converter [2] which would escape only JS related
> > stuff (e.g.

Safe way to display HTML user input

2017-02-09 Thread daniel simko
Hello,

I would like to ask you whether there is some safe way to display HTML
output from some rich editor (e.g. TinyMCE)? In order to display HTML it is
necessary to switch off model escaping [1] which is opening a door for XSS.
I was thinking about some converter [2] which would escape only JS related
stuff (e.g.
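
One way to apply the jsoup sanitizer that Martin's reply links to, shown as an added example that is not part of the original thread. It assumes a current jsoup release, where the allow-list class is `Safelist` (the linked cookbook page and older releases name it `Whitelist`); the class name `RichTextSanitizer`, the choice of `basicWithImages()` and the sample input are choices made for this example.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Safelist;

/** Hypothetical helper: cleans rich-editor HTML before it is rendered unescaped. */
public class RichTextSanitizer {

    // Allow-list policy: simple text formatting, links and images.
    // Anything not listed (script, style, iframe, event-handler
    // attributes, javascript: URLs) is removed, not escaped.
    private static final Safelist POLICY = Safelist.basicWithImages();

    // Keep the output on one line so it can be stored or compared as-is.
    private static final Document.OutputSettings OUTPUT =
            new Document.OutputSettings().prettyPrint(false);

    /** Returns markup that contains only elements and attributes the policy allows. */
    public static String sanitize(String untrustedHtml) {
        if (untrustedHtml == null) {
            return "";
        }
        // jsoup parses the input into a DOM and rebuilds it from allowed nodes
        // only, so malformed or nested markup cannot slip past a text filter.
        return Jsoup.clean(untrustedHtml, "", POLICY, OUTPUT);
    }

    /** True if the input already conforms to the policy (useful for logging rejects). */
    public static boolean isClean(String untrustedHtml) {
        return untrustedHtml != null && Jsoup.isValid(untrustedHtml, POLICY);
    }

    public static void main(String[] args) {
        // Constructed sample of editor output mixing allowed and disallowed markup.
        String submitted = "<p>Hello <b>world</b></p>"
                + "<script>alert(1)</script>"
                + "<a href=\"javascript:alert(1)\" onclick=\"x()\">link</a>"
                + "<img src=\"https://example.org/a.png\" onerror=\"x()\">";

        System.out.println("conforms to policy: " + isClean(submitted));
        System.out.println("sanitized: " + sanitize(submitted));

        // In a Wicket page the sanitized string is what goes into the component
        // whose model escaping is switched off, for example:
        //   new Label("content", sanitize(html)).setEscapeModelStrings(false);
    }
}
```

Sanitizing at render time, rather than only when the editor content is saved, also covers rows stored before the policy existed or written by another code path.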