Java Forums

#1 (permalink), 09-08-2008, 11:45 AM, nn12 (Member; Join Date: Sep 2008; Posts: 7)
Need help in validating HTML tags
Hi, I am trying to implement Cross Site Scripting prevention in my website. I have already written code to prevent malicious characters in forms & also in URLs.
However I am still not sure how to do HTML tags validation for a text box which allows users to add HTML tags to it. I want my code to skip these tags while validating it.
I have attached my existing code below.
Attached Files
File Type: zip XSS.zip (5.2 KB, 1 views)
#2 (permalink), 09-09-2008, 06:18 AM, Nicholas Jordan (Senior Member; Join Date: Jun 2008; Location: Southwest; Posts: 780)
xss?...
XSS is remarkably subject to adroit work that one would not think of, and if you get good enough maybe .... just maybe.

The RFC for HTML states what characters are allowable, only a very few need to be escaped or taken out of the stream or something. If you ever get an actual incident, I suggest logging everything and throwing an exception. It just depends on what you need to protect. Consider for example <sci"ipt> and something that removes quotes or something,...

Marty Hall has some sample code cleaner code on his site or in his books.
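An added example, not code from the thread or from the attached XSS.zip: one way to let a text box accept a few formatting tags is to escape every HTML-significant character first and then restore only exact matches of allowlisted bare tags, so nothing is ever stripped from the input and no tag can be reassembled by a later removal step. The class name, the tag list and the sample inputs are assumptions made for this example.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AllowlistHtml {
    // Assumed policy for this example: only these bare tags, with no attributes.
    private static final Pattern ALLOWED = Pattern.compile(
            "&lt;(/?)(b|i|u|em|strong|p|br)&gt;", Pattern.CASE_INSENSITIVE);

    // Escape the five characters that can change the HTML parsing context.
    static String escape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Escape everything first, then restore only exact matches of allowed tags.
    // A literal "&lt;b&gt;" typed by the user becomes "&amp;lt;b&amp;gt;" and is not restored.
    static String sanitize(String input) {
        Matcher m = ALLOWED.matcher(escape(input));
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String tag = "<" + m.group(1) + m.group(2).toLowerCase(Locale.ROOT) + ">";
            m.appendReplacement(out, Matcher.quoteReplacement(tag));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second is the string quoted in post #2.
        String[] samples = {
            "<b>bold</b> and <I>italic</I>",
            "<sci\"ipt>",
            "<b onclick=\"x()\">click</b>",
            "a < b && c > d"
        };
        for (String s : samples) System.out.println(sanitize(s));
    }
}
```

Attributes are never restored, so a tag carrying any attribute stays escaped as text. The sketch does not balance tags, so a closing tag can be restored without its opening partner.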