Re: Safe way to display HTML user input

2017-02-15 Thread Martin Grigorov
For the history here is library:
https://github.com/owasp/java-html-sanitizer

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Feb 9, 2017 at 11:28 PM, daniel simko  wrote:

> Thank you Martin! This is exactly what I was looking for.
>
> 2017-02-09 13:03 GMT+01:00 Martin Grigorov :
>
> > Hi,
> >
> > Check https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer
> >
> > Martin Grigorov
> > Wicket Training and Consulting
> > https://twitter.com/mtgrigorov
> >
> > On Thu, Feb 9, 2017 at 12:50 PM, daniel simko  wrote:
> >
> > > Hello,
> > >
> > > I would like to ask whether there is some safe way to display HTML
> > > output from a rich editor (e.g. TinyMCE)? In order to display HTML it
> > > is necessary to switch off model escaping [1], which opens a door for
> > > XSS. I was thinking about some converter [2] which would escape only
> > > JS-related stuff (e.g.

Re: Safe way to display HTML user input

2017-02-09 Thread daniel simko
Thank you Martin! This is exactly what I was looking for.

2017-02-09 13:03 GMT+01:00 Martin Grigorov :

> Hi,
>
> Check https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Thu, Feb 9, 2017 at 12:50 PM, daniel simko  wrote:
>
> > Hello,
> >
> > I would like to ask whether there is some safe way to display HTML
> > output from a rich editor (e.g. TinyMCE)? In order to display HTML it
> > is necessary to switch off model escaping [1], which opens a door for
> > XSS. I was thinking about some converter [2] which would escape only
> > JS-related stuff (e.g.

Re: Safe way to display HTML user input

2017-02-09 Thread Martin Grigorov
Hi,

Check https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Feb 9, 2017 at 12:50 PM, daniel simko  wrote:

> Hello,
>
> I would like to ask whether there is some safe way to display HTML output
> from a rich editor (e.g. TinyMCE)? In order to display HTML it is necessary
> to switch off model escaping [1], which opens a door for XSS. I was thinking
> about some converter [2] which would escape only JS-related stuff (e.g.

Safe way to display HTML user input

2017-02-09 Thread daniel simko
Hello,

I would like to ask whether there is some safe way to display HTML output
from a rich editor (e.g. TinyMCE)? In order to display HTML it is necessary
to switch off model escaping [1], which opens a door for XSS. I was thinking
about some converter [2] which would escape only JS-related stuff (e.g.