Re: Safe way to display HTML user input
For the history, here is the library: https://github.com/owasp/java-html-sanitizer

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Feb 9, 2017 at 11:28 PM, daniel simko wrote:
> Thank you Martin! This is exactly what I was looking for.
>
> 2017-02-09 13:03 GMT+01:00 Martin Grigorov:
> > Hi,
> >
> > Check https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer
> >
> > Martin Grigorov
> > Wicket Training and Consulting
> > https://twitter.com/mtgrigorov
> >
> > On Thu, Feb 9, 2017 at 12:50 PM, daniel simko wrote:
> > > Hello,
> > >
> > > I would like to ask whether there is a safe way to display HTML output from a rich editor (e.g. TinyMCE)? In order to display HTML it is necessary to switch off model escaping [1], which opens the door to XSS. I was thinking about a converter [2] which would escape only JS-related stuff (e.g.
Re: Safe way to display HTML user input
Thank you Martin! This is exactly what I was looking for.

2017-02-09 13:03 GMT+01:00 Martin Grigorov:
> Hi,
>
> Check https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Thu, Feb 9, 2017 at 12:50 PM, daniel simko wrote:
> > Hello,
> >
> > I would like to ask whether there is a safe way to display HTML output from a rich editor (e.g. TinyMCE)? In order to display HTML it is necessary to switch off model escaping [1], which opens the door to XSS. I was thinking about a converter [2] which would escape only JS-related stuff (e.g.
Re: Safe way to display HTML user input
Hi,

Check https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Feb 9, 2017 at 12:50 PM, daniel simko wrote:
> Hello,
>
> I would like to ask whether there is a safe way to display HTML output from a rich editor (e.g. TinyMCE)? In order to display HTML it is necessary to switch off model escaping [1], which opens the door to XSS. I was thinking about a converter [2] which would escape only JS-related stuff (e.g.
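What the two replies above recommend (jsoup's allowlist cleaner, or equivalently the OWASP Java HTML Sanitizer) wired into a Wicket Label, as an added example that is not code from this thread, from Wicket, or from either sanitizer project. It assumes jsoup 1.14.1 or later (the class is Safelist; older releases call the same thing Whitelist) and Wicket's standard Label and LoadableDetachableModel API; the SafeHtmlLabel class name, the sanitize helper and the chosen tag set are this example's own choices, not something the thread specifies.

```java
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/**
 * A Label that renders rich-editor HTML with model escaping switched off,
 * but only after the model value has been run through a jsoup allowlist
 * cleaner. Hypothetical helper class written for this example.
 */
public class SafeHtmlLabel extends Label {

    // An allowlist, not a blocklist: start from jsoup's "basic" set (p, b, i,
    // em, strong, ul/ol/li, a[href], blockquote, code, ...) and add only what
    // the editor is configured to produce. Anything not listed is dropped, so
    // a new event-handler attribute or tag never needs a rule of its own.
    private static final Safelist SAFELIST = Safelist.basic()
            .addTags("h1", "h2", "h3", "table", "thead", "tbody", "tr", "th", "td")
            .addAttributes("a", "target")
            // href may only use these schemes; javascript:, data:, vbscript: are removed
            .addProtocols("a", "href", "http", "https", "mailto")
            // jsoup already forces rel=nofollow on links; also drop the opener reference
            .addEnforcedAttribute("a", "rel", "nofollow noopener");

    public SafeHtmlLabel(String id, IModel<String> rawHtml) {
        super(id, sanitizedModel(rawHtml));
        // Escaping is switched off ONLY because the model passed to super()
        // is the sanitized one. Never do this on a Label whose model holds
        // raw user input.
        setEscapeModelStrings(false);
    }

    /**
     * Sanitize on every render rather than once on save, so the current rule
     * set applies even to HTML that was stored before the rules were tightened.
     */
    private static IModel<String> sanitizedModel(IModel<String> rawHtml) {
        return new LoadableDetachableModel<String>() {
            @Override
            protected String load() {
                return sanitize(rawHtml.getObject());
            }

            @Override
            protected void onDetach() {
                rawHtml.detach();
            }
        };
    }

    /** Cleans an HTML body fragment against the allowlist; null becomes "". */
    public static String sanitize(String raw) {
        if (raw == null) {
            return "";
        }
        // Jsoup.clean parses the fragment with a real HTML parser, rebuilds a
        // new tree from allowed elements/attributes only, and re-serializes it.
        // Working on the parsed tree rather than on the string with regexes is
        // what makes the result safe to emit as element content.
        return Jsoup.clean(raw, SAFELIST);
    }

    // Constructed sample inputs for a manual check; not taken from the thread.
    public static void main(String[] args) {
        String[] samples = {
            "<p>Hello <b>world</b>, see <a href=\"https://example.org\">docs</a></p>",
            "<p>x</p><script>alert(document.cookie)</script>",
            "<img src=x onerror=\"alert(1)\">",
            "<a href=\"javascript:alert(1)\">click</a>",
            "<p style=\"background:url(javascript:alert(1))\" onmouseover=\"alert(1)\">styled</p>"
        };
        for (String s : samples) {
            System.out.println(s + "\n  -> " + sanitize(s));
        }
    }
}
```

Two caveats a reviewer would check. First, the sanitizer must run server-side on the value that is actually stored or rendered; TinyMCE's own client-side filtering is configuration in the browser and can be bypassed by posting the form directly. Second, the cleaned string is safe only in the context a Label renders into, the body of an element (for example <div wicket:id="body"></div>); putting it inside an attribute value, a script block or a URL needs a different encoding, which no HTML sanitizer provides. The same structure works with the OWASP library from the later reply by replacing the Jsoup.clean call with a PolicyFactory such as Sanitizers.FORMATTING.and(Sanitizers.LINKS) and calling its sanitize(String) method.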
Safe way to display HTML user input
Hello,

I would like to ask whether there is a safe way to display HTML output from a rich editor (e.g. TinyMCE)? In order to display HTML it is necessary to switch off model escaping [1], which opens the door to XSS. I was thinking about a converter [2] which would escape only JS-related stuff (e.g.