I am working on an HTML parser which receives input from the user and produces an HTML document in a tag. Now, to avoid XSS attacks, I need a simple HTML sanitizing script which filters out all JavaScript elements and allows only HTML components.
Viewed 462 times
-1
- What language are you using? – Alex KeySmith Jul 04 '14 at 13:25
- A de-facto resource for AntiXSS: [XSS (Cross Site Scripting) Prevention Cheat Sheet](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet) to get you started. – Alex KeySmith Jul 04 '14 at 13:28
1 Answer
0
There is no way you can properly sanitize user input on the client side, because it can all be bypassed. Users can simply remove event handlers and delete JavaScript. The only way to properly sanitize user input is with a client-side programming language.

Vlas Bashynskyi