1

We integrated a WYSIWYG editor into our website. Now we have the problem that some stuff gets saved in the database that we might not want, like JavaScript and so on.

Is there an API / lib that could filter this stuff out for us? We would prefer to do it in our Java backend. Maybe something that's based on black and white lists?

BenMorel
SG 86
  • possible duplicate of [How to "Purify" HTML code to prevent XSS attacks in Java or JSP?](http://stackoverflow.com/questions/3587199/how-to-purify-html-code-to-prevent-xss-attacks-in-java-or-jsp) – Quentin Mar 21 '12 at 13:50
  • or http://stackoverflow.com/questions/2658922/xss-prevention-in-java – VirtualTroll Mar 21 '12 at 13:51

2 Answers

2

Try jsoup:

http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer

Alexis Dufrenoy
2

Another option could be: OWASP Java HTML Sanitizer

antonjs
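
A server-side allowlist policy built with the OWASP Java HTML Sanitizer named in the answer above. This is an added example and not part of the original answers; the class name, the tag list and the sample inputs are assumptions to adapt to what your editor actually emits.

```java
// Added example. Assumes the OWASP Java HTML Sanitizer (package org.owasp.html)
// is on the classpath. EditorHtmlSanitizer is a hypothetical class name.
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class EditorHtmlSanitizer {

    // Allowlist: only the elements and attributes a rich-text editor needs.
    // Anything not listed (script, iframe, style, event-handler attributes
    // such as onclick/onerror) is removed from the output.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "br", "b", "i", "u", "strong", "em",
                           "ul", "ol", "li", "blockquote", "h2", "h3", "a")
            .allowAttributes("href").onElements("a")
            // Only these URL schemes survive in href; javascript: is dropped.
            .allowUrlProtocols("http", "https", "mailto")
            .requireRelNofollowOnLinks()
            .toFactory();

    /**
     * Sanitize editor output in the backend before it is written to the
     * database. The browser-side editor is under the user's control, so its
     * own filtering cannot be trusted.
     */
    public static String sanitize(String untrustedHtml) {
        if (untrustedHtml == null) {
            return "";
        }
        return POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as a WYSIWYG editor might submit them.
        String[] samples = {
            "<p>Hello <b>world</b></p>",
            "<p>Text<script>alert(1)</script></p>",
            "<a href=\"javascript:alert(1)\" onclick=\"alert(2)\">link</a>",
            "<a href=\"https://example.com/\">ok link</a>",
            "<img src=\"x\" onerror=\"alert(3)\"><p style=\"color:red\">styled</p>"
        };
        for (String s : samples) {
            System.out.println(s + "\n  -> " + sanitize(s));
        }
    }
}
```

Store the sanitized string, and sanitize again with the same policy if previously stored content predates the filter.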