Results 1 to 2 of 2
  1. #1
    nn12 is offline Member
    Join Date
    Sep 2008
    Rep Power

    Default Need help in validation HTML tags

    Hi, I am trying to implement Cross Site Scripting prevention in my website. I have already written code to prevent malicious characters in forms & also in URLS.
    However I am still not sure how to do HTML tags validation for a text box which allows users to add HTML tags to it. I want my code to skip these tags while validating it.
    I have attached my existing code below.
    Attached Files Attached Files

  2. #2
    Nicholas Jordan's Avatar
    Nicholas Jordan is offline Senior Member
    Join Date
    Jun 2008
    Rep Power

    Default xss?...

    xss remarkably subject to adroit work that one would not think of, and if you get good enough maybe .... just maybe.

    The rfc for html states what characters are allowable, only a very few need to be escaped or taken out of the stream or something. If you ever get an actual incident, I suggest logging everything and thowing an exception. It just depends on what you need to protect. Consider for example <sci"ipt> and something that removes quotes or something,...

    Marty Hall has some sample code cleaner code on his site or in his books.
    Introduction to Programming Using Java.
    Cybercartography: A new theoretical construct proposed by D.R. Fraser Taylor

Similar Threads

  1. HTML tags anyone?
    By tim in forum Suggestions & Feedback
    Replies: 2
    Last Post: 06-29-2008, 04:49 AM
  2. Html tags within XML- need help
    By iamhappy in forum XML
    Replies: 2
    Last Post: 03-27-2008, 04:21 PM
  3. HTML tags for Struts
    By Java Tip in forum Java Tip
    Replies: 0
    Last Post: 12-27-2007, 09:58 AM
  4. How to parse HTML tags
    By Ada in forum Advanced Java
    Replies: 1
    Last Post: 05-31-2007, 09:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts