Out of there, there are a lot of WYSWYG editors (like CKEditor) which allow to define the list of the supported tags.
For what concerns the server side aspect, I'd suggest you JSOUP. It allows to clean the HTML submitted by the user [1]. Also, have a look at hdiv [2], IIRC there is a plugin for struts2 which should protect against XSS and other security issues. [1] http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer [2] http://hdiv.org/ On 26 June 2013 09:06, Simone Camillo Buzzi <simonebu...@gmail.com> wrote: > I'll use this feature to allow user to add comment or compile complex > pages. > I'm not worried about data coming from the editor but data that a malicious > user can send me from a modified page > Does Struts 2 has any interceptor that implements this kind of feature? > Does anyone has experience on this t > Twitter :http://www.twitter.com/m_cucchiara G+ :https://plus.google.com/107903711540963855921 Linkedin :http://www.linkedin.com/in/mauriziocucchiara VisualizeMe: http://vizualize.me/maurizio.cucchiara?r=maurizio.cucchiara Maurizio Cucchiara
