Results 1 to 2 of 2
- 09-08-2008, 09:45 AM #1Member
- Join Date
- Sep 2008
- Rep Power
Need help in validation HTML tags
Hi, I am trying to implement Cross Site Scripting prevention in my website. I have already written code to prevent malicious characters in forms & also in URLS.
However I am still not sure how to do HTML tags validation for a text box which allows users to add HTML tags to it. I want my code to skip these tags while validating it.
I have attached my existing code below.
- 09-09-2008, 04:18 AM #2
xss remarkably subject to adroit work that one would not think of, and if you get good enough maybe .... just maybe.
The rfc for html states what characters are allowable, only a very few need to be escaped or taken out of the stream or something. If you ever get an actual incident, I suggest logging everything and thowing an exception. It just depends on what you need to protect. Consider for example <sci"ipt> and something that removes quotes or something,...
Marty Hall has some sample code cleaner code on his site or in his books.Introduction to Programming Using Java.
Cybercartography: A new theoretical construct proposed by D.R. Fraser Taylor
- By tim in forum Suggestions & FeedbackReplies: 2Last Post: 06-29-2008, 04:49 AM
- By iamhappy in forum XMLReplies: 2Last Post: 03-27-2008, 05:21 PM
- By Java Tip in forum Java TipReplies: 0Last Post: 12-27-2007, 10:58 AM
- By Ada in forum Advanced JavaReplies: 1Last Post: 05-31-2007, 09:42 PM